Detections
Analytics

WANem result.php pc Parameter Remote Command Execution

high Nessus Plugin ID 62737

Language:

Synopsis

The remote web server hosts a web application that is affected by a remote command execution vulnerability.

Description

The remote web server hosts a version of WANem that is affected by a remote command execution vulnerability. The result.php script does not properly sanitize the 'pc' parameter. This can allow remote attackers to execute commands on the remote host, including with root privileges if utilizing the dosu binary installed on the appliance.

Solution

There is no known solution. As a workaround, either disable or restrict access to the application.

See Also

http://www.nessus.org/u?60995f52

Plugin Details

Severity: High

ID: 62737

File Name: wanem_result_command_exec.nasl

Version: 1.12

Type: remote

Family: CGI abuses

Published: 10/29/2012

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 9.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Vulnerability Information

CPE: x-cpe:/a:tata:wanem

Required KB Items: www/wanem

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 8/12/2012

Exploitable With

Metasploit (WAN Emulator v2.3 Command Execution)

Elliot (WANem 2.3 RCE)

Reference Information

BID: 55485