ID CVE-2007-1836
Summary The command line administration interface in Data Domain OS before 4.0.3.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in certain arguments to various commands, as demonstrated by the interface argument to the (1) ifconfig and (2) ping commands.
References
Vulnerable Configurations
  • cpe:2.3:o:data_domain:data_domain_os:*:*:*:*:*:*:*:*
    cpe:2.3:o:data_domain:data_domain_os:*:*:*:*:*:*:*:*
CVSS
Base: 9.0 (as of 16-10-2018 - 16:40)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:S/C:C/I:C/A:C
refmap via4
bid 23182
bugtraq 20070328 Arbitrary Command Execution in DataDomain Administrator Interface
osvdb 34537
secunia 24666
sreason 2516
xf datadomain-admininterface-command-execution(33291)
Last major update 16-10-2018 - 16:40
Published 03-04-2007 - 00:19
Last modified 16-10-2018 - 16:40
Back to Top