Caldera '/costview3/xmlrpc_server/xmlrpc.php' XMLRPC Request Remote Command Execution

critical Nessus Plugin ID 74324

Synopsis

The remote web server hosts a PHP script that allows arbitrary command execution.

Description

The Caldera installation on the remote host contains a PHP script that is affected by an arbitrary command execution vulnerability. A remote, unauthenticated attacker can exploit this issue by sending a crafted XML-RPC request to the '/costview3/xmlrpc_server/xmlrpc.php' script, resulting in the execution of arbitrary commands on the remote host with the privileges of the web server process.

Note that the application is also reportedly affected by a directory traversal vulnerability, multiple variable injection vulnerabilities, and multiple SQL injection vulnerabilities; however, Nessus has not tested for these issues.

Solution

There is no known solution at this time. As a general mitigation until a vendor fix is available, restrict network access to the '/costview3/xmlrpc_server/xmlrpc.php' script (for example with a web server access rule or a firewall rule limiting it to trusted addresses), or remove the script if the XML-RPC interface is not needed.

Plugin Details

Severity: Critical

ID: 74324

File Name: caldera_9_20_cmd_injection.nasl

Version: 1.6

Type: remote

Family: CGI abuses

Published: 6/5/2014

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 9

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:caldera:caldera

Required KB Items: www/PHP, www/caldera_web

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 5/7/2014

Reference Information

CVE: CVE-2014-2935

BID: 67252

CERT: 693092