CVE-2018-16232

high

Description

An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands.

References

https://www.ipfire.org/news/ipfire-2-21-core-update-124-released

https://doddsecurity.com/213/command-injection-on-ipfire-firewalls/

Details

Source: Mitre, NVD

Published: 2018-10-17

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.07786