Vulnerability Details : CVE-2011-2750
Public exploit exists!
NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD.
Exploit prediction scoring system (EPSS) score for CVE-2011-2750
Probability of exploitation activity in the next 30 days: 48.52%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2011-2750
-
Novell File Reporter Agent Arbitrary File Delete
First seen: 2020-04-26auxiliary/admin/http/novell_file_reporter_filedeleteNFRAgent.exe in Novell File Reporter allows remote attackers to delete arbitrary files via a full pathname in an SRS request with OPERATION set to 4 and CMD set to 5 against /FSF/CMD. This module has been tested successfully on NFR Agent 1.0.4.3 (File Reporte
CVSS scores for CVE-2011-2750
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2011-2750
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2750
-
http://aluigi.org/adv/nfr_2-adv.txt
Exploit
-
http://securitytracker.com/id?1025716
Novell File Reporter Lets Remote Users Delete Arbitrary Files - SecurityTracker
-
http://www.securityfocus.com/archive/1/518626/100/0/threaded
SecurityFocus
-
http://securityreason.com/securityalert/8309
Arbitrary files deletion in Novell File Reporter 1.0.4.2 - CXSecurity.com
Products affected by CVE-2011-2750
- cpe:2.3:a:novell:file_reporter:*:*:*:*:*:*:*:*
- cpe:2.3:a:novell:file_reporter:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:novell:file_reporter:1.0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:novell:file_reporter:1.0.1:*:*:*:*:*:*:*