NVD

Id
85948  
Name
CVE-2017-6079  
Description
The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. You can use this page as a web shell essentially to execute commands, though you get no feedback client-side from the web application: if the command is valid, it executes. An example is the wget command. The page that allows this has been confirmed in firmware as old as 2006.  
Reject
 
CVSS Version
2  
CVSS Score
10  
Severity
High  
CVSS Base Score
10  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-05-27  
Published
2017-05-16  
Modified Date
2017-05-25  
Seq
2017-6079  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
422586 85948 CVE-2017-0348 http://nvidia.custhelp.com/app/answers/detail/a_id/4462  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
67887 JVNDB-2017-004169 Edgewater Networks Edgemarc アプライアンスにおけるコマンドインジェクションの脆弱性 Edgewater Networks Edgemarc アプライアンスには、コマンドインジェクションの脆弱性が存在します。 CVE-2017-6079 0 CVE-2017-6079 85948 10 9.8 http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-004169.html 2017-05-16 2017-06-19 View