Vulnerability Description
The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP request.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openvas | Openvas Manager | 3.0 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2012-11/0047.html
- http://archives.neohapsis.com/archives/bugtraq/2012-11/0055.html
- http://archives.neohapsis.com/archives/bugtraq/2012-11/0059.html
- http://openwall.com/lists/oss-security/2012/11/13/12
- http://openwall.com/lists/oss-security/2012/11/13/9
- http://openwall.com/lists/oss-security/2012/11/14/11
- http://openwall.com/lists/oss-security/2012/11/14/5
- http://secunia.com/advisories/49128
- http://wald.intevation.org/scm/viewvc.php?view=rev&root=openvas&revision=14437
- http://www.openvas.org/OVSA20121112.htmlExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/56497
- http://archives.neohapsis.com/archives/bugtraq/2012-11/0047.html
- http://archives.neohapsis.com/archives/bugtraq/2012-11/0055.html
- http://archives.neohapsis.com/archives/bugtraq/2012-11/0059.html
- http://openwall.com/lists/oss-security/2012/11/13/12
FAQ
What is CVE-2012-5520?
CVE-2012-5520 is a vulnerability with a CVSS score of 7.5 (HIGH). The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP requ...
How severe is CVE-2012-5520?
CVE-2012-5520 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-5520?
Check the references section above for vendor advisories and patch information. Affected products include: Openvas Openvas Manager.