Vulnerability Description
CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the forensic imaging task.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cru-Inc | Ditto Forensic Fieldstation Firmware | <= 2013jun30a |
| Cru-Inc | Ditto Forensic Fieldstation | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct1Exploit
- http://seclists.org/fulldisclosure/2013/Dec/80Exploit
- http://secunia.com/advisories/55989Vendor Advisory
- http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-fVendor Advisory
- http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-fVendor Advisory
- http://www.exploit-db.com/exploits/30396Exploit
- http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct1Exploit
- http://seclists.org/fulldisclosure/2013/Dec/80Exploit
- http://secunia.com/advisories/55989Vendor Advisory
- http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-fVendor Advisory
- http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-fVendor Advisory
- http://www.exploit-db.com/exploits/30396Exploit
FAQ
What is CVE-2013-6881?
CVE-2013-6881 is a vulnerability with a CVSS score of 10.0 (HIGH). CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the f...
How severe is CVE-2013-6881?
CVE-2013-6881 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-6881?
Check the references section above for vendor advisories and patch information. Affected products include: Cru-Inc Ditto Forensic Fieldstation Firmware, Cru-Inc Ditto Forensic Fieldstation.