Argument injection vulnerability in HyperAccess 8.4 allows user-assisted remote attackers to execute arbitrary vbscript and commands via the /r option in a telnet:// URI, which is configured to use hawin32.exe.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.03552 Percentile:
0.87211
CVSS Scoring
CVSS v2 Score: 6.8
Severity:
Mapped CWE(s)
CWE-88
: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
All CAPEC(s)
CAPEC-137: Parameter Injection
CAPEC-174: Flash Parameter Injection
CAPEC-41: Using Meta-characters in E-mail Headers to Inject Malicious Payloads