Vulnerability Description
Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences).
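As an added illustration of the flaw class, not the vendor's runDiagnostics.cgi (whose source this page does not include): a Python stand-in for a CGI handler that URL-decodes `param`, runs it through a constructed blacklist that omits the backtick, and interpolates the result into a shell command line. Beside it sits the allowlist-plus-argv form that removes the shell from the path entirely, and a small log check that flags requests carrying the %60 sequences mentioned above. The blacklist contents, the use of `echo` as a stand-in for the diagnostic tool, and the sample log lines are all assumptions.

```python
import re
import subprocess
from urllib.parse import unquote

# Constructed stand-in for an "incomplete blacklist": it strips several shell
# metacharacters but forgets the backtick. This is an assumption about the
# flaw class, not the actual filter shipped in runDiagnostics.cgi.
BLACKLISTED_CHARS = set(";|&$<>(){}")


def blacklist_filter(value: str) -> str:
    """Drop blacklisted characters and keep everything else (the flawed approach)."""
    return "".join(ch for ch in value if ch not in BLACKLISTED_CHARS)


def run_diagnostics_vulnerable(param: str) -> str:
    """Vulnerable pattern: URL-decode 'param', blacklist-filter it, then
    interpolate it into a command line parsed by /bin/sh. 'echo' stands in
    for the real diagnostic tool (an assumption). Backticks survive the
    filter, so `...` inside param is executed as command substitution."""
    target = blacklist_filter(unquote(param))
    cmd = f"echo diag {target}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout.strip()


# Hardened version: allowlist the decoded value (hostname-like tokens only),
# then pass it as a discrete argv element so no shell ever parses it.
ALLOWED_TARGET = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,62}")


def run_diagnostics_hardened(param: str) -> str:
    target = unquote(param)
    if not ALLOWED_TARGET.fullmatch(target):
        raise ValueError(f"rejected param: {target!r}")
    return subprocess.run(["echo", "diag", target], capture_output=True, text=True).stdout.strip()


# Detection helper for access logs: flag requests to runDiagnostics.cgi whose
# decoded param contains any shell metacharacter, backtick included.
SHELL_META = re.compile(r"[`;|&$<>(){}\n]")
PARAM_RE = re.compile(r"runDiagnostics\.cgi\?(?:[^\s&]*&)*param=([^\s&]*)")


def flag_injection_attempts(log_lines):
    hits = []
    for line in log_lines:
        m = PARAM_RE.search(line)
        if m and SHELL_META.search(unquote(m.group(1))):
            hits.append(line)
    return hits


# Constructed sample log lines (not real traffic): one benign request and one
# carrying URL-encoded backticks (%60) around an injected command.
SAMPLE_LOG = [
    '10.0.0.5 - - [02/Jul/2007:10:00:01 +0000] "GET /cgi-bin/runDiagnostics.cgi?param=eth0 HTTP/1.1" 200 512',
    '10.0.0.9 - - [02/Jul/2007:10:00:07 +0000] "GET /cgi-bin/runDiagnostics.cgi?param=eth0%60id%60 HTTP/1.1" 200 640',
]


if __name__ == "__main__":
    # The blacklist lets the backtick through, so the inner command runs.
    print(run_diagnostics_vulnerable("host1%60echo%20INJECTED%60"))  # diag host1INJECTED
    print(run_diagnostics_hardened("eth0"))                            # diag eth0
    try:
        run_diagnostics_hardened("eth0%60id%60")
    except ValueError as exc:
        print(exc)
    print(flag_injection_attempts(SAMPLE_LOG))
```

The point the vulnerable function makes is that denylisting characters is a losing race: every metacharacter the filter forgets (here the backtick, but `$(...)`, newline or quoting tricks in other filters) is a bypass. The hardened function does not try to enumerate bad characters at all; it accepts only the narrow shape the diagnostic actually needs and hands the value to the program as an argument rather than as shell text.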
CVSS Score
9.3 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yoggie | Pico | All versions |
| Yoggie | Pico Pro | All versions |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0020.html (Exploit)
- http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0092.html
- http://osvdb.org/37808
- http://secunia.com/advisories/25902 (Exploit, Vendor Advisory)
- http://www.securityfocus.com/bid/24743 (Exploit)
- http://www.vupen.com/english/advisories/2007/2417
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35208
FAQ
What is CVE-2007-3572?
CVE-2007-3572 is a vulnerability with a CVSS score of 9.3 (HIGH). Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in ...
How severe is CVE-2007-3572?
CVE-2007-3572 has been rated HIGH with a CVSS base score of 9.3/10. The score reflects that remote attackers can execute arbitrary commands on the appliance through its web interface.
Is there a patch for CVE-2007-3572?
Check the references section above for vendor advisories and patch information. Affected products include: Yoggie Pico, Yoggie Pico Pro.