University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument.
Published 2018-11-25 10:29:00
Updated 2022-04-18 18:12:29
Source MITRE
View at NVD,   CVE.org

Products affected by CVE-2018-19518

Threat overview for CVE-2018-19518

Top countries where our scanners detected CVE-2018-19518
Top open port discovered on systems with this issue 80
IPs affected by CVE-2018-19518 197,858
Threat actors abusing to this issue? Yes
Find out if you* are affected by CVE-2018-19518!
*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2018-19518

96.93%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2018-19518

  • php imap_open Remote Code Execution
    Disclosure Date: 2018-10-23
    First seen: 2020-04-26
    exploit/linux/http/php_imap_open_rce
    The imap_open function within php, if called without the /norsh flag, will attempt to preauthenticate an IMAP session. On Debian based systems, including Ubuntu, rsh is mapped to the ssh binary. Ssh's ProxyCommand option can be passed from imap_open to execute arbitrary co

CVSS scores for CVE-2018-19518

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
8.5
HIGH AV:N/AC:M/Au:S/C:C/I:C/A:C
6.8
10.0
NIST
7.5
HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1.6
5.9
NIST

CWE ids for CVE-2018-19518

References for CVE-2018-19518

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!