Vulnerability Description
The command line administration interface in Data Domain OS before 4.0.3.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in certain arguments to various commands, as demonstrated by the interface argument to the (1) ifconfig and (2) ping commands.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Data Domain | Data Domain OS | <= 4.0.3.5 |
References
- http://osvdb.org/34537
- http://secunia.com/advisories/24666
- http://securityreason.com/securityalert/2516
- http://www.securityfocus.com/archive/1/464085/100/0/threaded
- http://www.securityfocus.com/bid/23182
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33291
FAQ
What is CVE-2007-1836?
CVE-2007-1836 is a vulnerability with a CVSS score of 9.0 (HIGH). The command line administration interface in Data Domain OS before 4.0.3.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in certain arguments to various comm...
How severe is CVE-2007-1836?
CVE-2007-1836 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-1836?
Check the references section above for vendor advisories and patch information. Affected products include: Data Domain Data Domain OS.