Vulnerability Details : CVE-2008-6816
Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php.
Vulnerability category: Execute codeBypassGain privilege
Products affected by CVE-2008-6816
- cpe:2.3:h:eaton:network_shutdown_module:*:*:*:*:*:*:*:*
- cpe:2.3:h:eaton:network_shutdown_module:3.02:*:*:*:*:*:*:*
- cpe:2.3:h:eaton:network_shutdown_module:3.0:*:*:*:*:*:*:*
- cpe:2.3:h:eaton:network_shutdown_module:2.6:*:*:*:*:*:*:*
- cpe:2.3:h:eaton:network_shutdown_module:3.04:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-6816
12.29%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-6816
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2008-6816
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-6816
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/46131
-
http://download.mgeops.com/install/win32/nsm/release_note_nsm_320.txt
-
http://www.securityfocus.com/archive/1/497824/100/100/threaded
-
http://www.nruns.com/security_advisory_eaton_mge_ops_network_shutdown_module_authentication_bypass.php
-
http://www.securityfocus.com/bid/31933
Jump to