CVE-2007-1836

high

Description

The command line administration interface in Data Domain OS before 4.0.3.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in certain arguments to various commands, as demonstrated by the interface argument to the (1) ifconfig and (2) ping commands.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/33291

http://www.securityfocus.com/bid/23182

http://www.securityfocus.com/archive/1/464085/100/0/threaded

http://securityreason.com/securityalert/2516

http://secunia.com/advisories/24666

http://osvdb.org/34537

Details

Source: Mitre, NVD

Published: 2007-04-03

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.0102