Vulnerability Details: CVE-2012-2104
Potential exploit
cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request.
Products affected by CVE-2012-2104
- cpe:2.3:a:munin-monitoring:munin:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:munin-monitoring:munin:2.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-2104
- 3.04%: probability of exploitation activity in the next 30 days
- ~85%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-2104
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2012-2104
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2104
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74885
  Munin munin-cgi-graph.log command execution CVE-2012-2104 Vulnerability Report
- http://www.openwall.com/lists/oss-security/2012/04/16/5
  oss-security - CVE Request (minor) -- Two Munin graphing framework flaws
- http://www.openwall.com/lists/oss-security/2012/04/16/6
  oss-security - Re: CVE Request (minor) -- Two Munin graphing framework flaws
- http://www.securityfocus.com/bid/53032
  Munin Remote Command Injection Vulnerability [Exploit]
- https://support.citrix.com/article/CTX236992
  Citrix SD-WAN Multiple Security Updates
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668666
  #668666 - munin-cgi-graph: enables injecting arbitrary strings into munin-cgi-graph.log - Debian Bug report logs