Vulnerability Description
cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting (XSS) vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ipcop | Ipcop | <= 2.1.4 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/129697/IPCop-2.1.4-Cross-Site-Request-ForgeExploit
- http://sourceforge.net/p/ipcop/bugs/807/Exploit
- http://www.asafety.fr/vuln-exploit-poc/xss-rce-ipcop-2-1-4-remote-command-executExploit
- http://packetstormsecurity.com/files/129697/IPCop-2.1.4-Cross-Site-Request-ForgeExploit
- http://sourceforge.net/p/ipcop/bugs/807/Exploit
- http://www.asafety.fr/vuln-exploit-poc/xss-rce-ipcop-2-1-4-remote-command-executExploit
FAQ
What is CVE-2013-7418?
CVE-2013-7418 is a vulnerability with a CVSS score of 6.5 (MEDIUM). cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be explo...
How severe is CVE-2013-7418?
CVE-2013-7418 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-7418?
Check the references section above for vendor advisories and patch information. Affected products include: Ipcop Ipcop.