Vulnerability Details: CVE-2012-0262
Public exploit exists!
op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.
Products affected by CVE-2012-0262
- cpe:2.3:a:op5:monitor:*:*:*:*:*:*:*:*
- cpe:2.3:a:op5:monitor:5.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:op5:monitor:5.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:op5:monitor:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:op5:monitor:5.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:op5:system-op5config:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-0262
- EPSS score: 91.15% (probability of exploitation activity in the next 30 days)
- Percentile: ~100% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2012-0262
- OP5 welcome Remote Command Execution
  Disclosure Date: 2012-01-05
  First seen: 2020-04-26
  exploit/multi/http/op5_welcome
  This module exploits an arbitrary root command execution vulnerability in OP5 Monitor welcome. Ekelow AB has confirmed that OP5 Monitor versions 5.3.5, 5.4.0, 5.4.2, 5.5.0, 5.5.1 are vulnerable.
  Authors: Peter Osterberg <j@vel.nu>
CVSS scores for CVE-2012-0262
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2012-0262
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0262
- http://www.osvdb.org/78065
- http://secunia.com/advisories/47417 (Vendor Advisory)
- http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf (Exploit)
- http://seclists.org/fulldisclosure/2012/Jan/62 (Full Disclosure: OP5 Monitor - Multiple Vulnerabilities)
- http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/ (OP5: Offering Enterprise IT Monitoring and Log Analysis)
- https://bugs.op5.com/view.php?id=5094