CVE-2012-3366

CVSS V2 High 9 CVSS V3 None
Description
The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server).
Overview
  • CVE ID
  • CVE-2012-3366
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2012-07-03T16:40:35
  • Last Modified Date
  • 2017-08-29T01:31:54
Weakness Enumerations
CWE URL
CWE-78 http://cwe.mitre.org/data/definitions/78.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:anl:bcfg2:1.2.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:anl:bcfg2:1.2.0:rc2:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:S/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • SINGLE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 9
  • Severity
  • HIGH
  • Exploitability Score
  • 8
  • Impact Score
  • 10
References
Reference URL Reference Tags
http://secunia.com/advisories/49690 Vendor Advisory
http://www.debian.org/security/2012/dsa-2503
http://www.securityfocus.com/bid/54217
http://permalink.gmane.org/gmane.comp.sysutils.bcfg2.devel/4539
https://github.com/Bcfg2/bcfg2/commit/a524967e8d5c4c22e49cd619aed20c87a316c0be Patch
http://secunia.com/advisories/49629 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/76616
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2012-3366
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3366
History
Created Old Value New Value Data Type Notes
2022-05-10 08:49:15 Added to TrackCVE