{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-10-15T00:00:00", "descriptions": [{"lang": "en", "value": "An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-11T22:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://doddsecurity.com/213/command-injection-on-ipfire-firewalls/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.ipfire.org/news/ipfire-2-21-core-update-124-released"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16232", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://doddsecurity.com/213/command-injection-on-ipfire-firewalls/", "refsource": "MISC", "url": "https://doddsecurity.com/213/command-injection-on-ipfire-firewalls/"}, {"name": "https://www.ipfire.org/news/ipfire-2-21-core-update-124-released", "refsource": "CONFIRM", "url": "https://www.ipfire.org/news/ipfire-2-21-core-update-124-released"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:17:38.391Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://doddsecurity.com/213/command-injection-on-ipfire-firewalls/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ipfire.org/news/ipfire-2-21-core-update-124-released"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-16232", "datePublished": "2018-10-17T14:00:00", "dateReserved": "2018-08-30T00:00:00", "dateUpdated": "2024-08-05T10:17:38.391Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ipfire:ipfire:1.49:*:*:*:*:*:*:*", "matchCriteriaId": "9B0D188D-1FEF-4D8D-8F7B-FDEC5B1D5C62", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "95E14CC2-01A9-4DAF-8C35-80EEE8261B05", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.1:core_update16:*:*:*:*:*:*", "matchCriteriaId": "010CC3DA-152C-43BA-ADEC-872437818293", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.11:core_update53:*:*:*:*:*:*", "matchCriteriaId": "16D54BA8-1213-4196-B8BF-F67D31091474", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.11:core_update54:*:*:*:*:*:*", "matchCriteriaId": "C0D3621F-C72B-4F87-A159-784A5B9F12A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.11:core_update59:*:*:*:*:*:*", "matchCriteriaId": "8DA7EB5C-60B3-4E7F-826B-F4FAF75A0B3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.11:core_update60:*:*:*:*:*:*", "matchCriteriaId": "B2E6BA4C-342B-406F-B4DA-A493DFEF6CED", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.11:core_update62:*:*:*:*:*:*", "matchCriteriaId": "C632AB41-57BE-4AF4-8137-073018EB3D3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.11:core_update64:*:*:*:*:*:*", "matchCriteriaId": "4B6EE7BE-B919-4C5C-B2AF-B0601F805469", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.13:core_update66:*:*:*:*:*:*", "matchCriteriaId": "0FB71E3F-EE6D-4FE8-ABDB-AC109FB48525", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.13:core_update67:*:*:*:*:*:*", "matchCriteriaId": "81D6644A-A427-411D-AAA0-D30251361C0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.13:core_update71:*:*:*:*:*:*", "matchCriteriaId": "FCC6E491-E87F-41E2-908E-0D3DC54B98F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.13:core_update72:*:*:*:*:*:*", "matchCriteriaId": "11AF1643-8CB1-48AE-A551-5BA3EE7DCCE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.13:core_update73:*:*:*:*:*:*", "matchCriteriaId": "80D0B2A5-9BF2-45D0-8BD0-A13C8EDC088C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.13:core_update74:*:*:*:*:*:*", "matchCriteriaId": "B865AA4B-8E5F-435B-BAB8-A8683EE662A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.13:core_update75:*:*:*:*:*:*", "matchCriteriaId": "2F80F6AE-8839-4C88-BEB7-2748731B0506", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.13:core_update76:*:*:*:*:*:*", "matchCriteriaId": "478865C5-0CC8-4C61-98B2-F710D4721577", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.13:rc_1:*:*:*:*:*:*", "matchCriteriaId": "E59A7FBC-4003-4B34-BA07-BC4FDCF50CF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.13:rc_2:*:*:*:*:*:*", "matchCriteriaId": "96DCD3B6-298D-4B75-8060-AD6672AD6082", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.15:76_rc1:*:*:*:*:*:*", "matchCriteriaId": "02F4735A-4596-417E-8E66-B09D03D028E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.15:77_rc1:*:*:*:*:*:*", "matchCriteriaId": "E9F04F47-654D-492F-B297-CBD1E46A9339", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.15:77_rc2:*:*:*:*:*:*", "matchCriteriaId": "8E0674AC-5073-4A9E-8E41-118895C151E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.15:core_update79:*:*:*:*:*:*", "matchCriteriaId": "6DA2BE93-0BE2-4BD9-8DE4-6C8F4FE2FD55", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.15:core_update81:*:*:*:*:*:*", "matchCriteriaId": "07391A2D-D0B5-4344-BE10-5AB92EBF4236", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.15:core_update82:*:*:*:*:*:*", "matchCriteriaId": "0143C1E8-8682-4BC0-860E-5D551590B912", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.15:core_update83:*:*:*:*:*:*", "matchCriteriaId": "9DDDC3CB-6E59-4DEE-AA79-C5BC174D7D7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.15:core_update84:*:*:*:*:*:*", "matchCriteriaId": "35A65A36-F4D9-453B-AFEA-0FD221E024C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.15:core_update85:*:*:*:*:*:*", "matchCriteriaId": "5AF36E7A-228E-438E-B4AE-16812AFD10CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.17:86_beta1:*:*:*:*:*:*", "matchCriteriaId": "7C838817-D42C-40E7-8848-CBF1ADFFCA72", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.17:87_rc1:*:*:*:*:*:*", "matchCriteriaId": "25253D7E-25B1-4D5E-83BF-01B338620022", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.17:core_update88:*:*:*:*:*:*", "matchCriteriaId": "57AF09F3-F92D-44A0-ACF5-5B6B71D61F22", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.17:core_update89:*:*:*:*:*:*", "matchCriteriaId": "B2B1998C-1DA4-42A0-9019-DEE2F2049CC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.17:core_update91:*:*:*:*:*:*", "matchCriteriaId": "E5A171F6-3F99-4D70-A890-8475DF21F9F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.17:core_update93:*:*:*:*:*:*", "matchCriteriaId": "F31769AB-E4FF-46A8-A158-ACBB3A63F08D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.17:core_update95:*:*:*:*:*:*", "matchCriteriaId": "30DE72EB-6C09-42B8-9D03-AF7564CFC1C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.17:core_update97:*:*:*:*:*:*", "matchCriteriaId": "559D3B06-2736-47F2-8085-7EEB8CE388B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.17:core_update98:*:*:*:*:*:*", "matchCriteriaId": "FDA19615-FFCA-462A-8634-011C67E8742E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.17:core_update99:*:*:*:*:*:*", "matchCriteriaId": "C18B6E06-7E8C-46CF-B047-F179C779A205", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update100:*:*:*:*:*:*", "matchCriteriaId": "4FBF2D42-5DF7-43A4-8192-DB7EAC2FEA1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update101:*:*:*:*:*:*", "matchCriteriaId": "075A68E4-0663-47EB-9142-F0ACDC279A34", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update102:*:*:*:*:*:*", "matchCriteriaId": "121EC799-AB87-4EF8-A660-7E204CE9074C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update105:*:*:*:*:*:*", "matchCriteriaId": "614873BF-79C2-4059-90E9-B253BCD7DB12", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update106:*:*:*:*:*:*", "matchCriteriaId": "10719BE9-6312-4386-B35D-91C1E5385293", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update107:*:*:*:*:*:*", "matchCriteriaId": "BD6E7DF7-0297-4CAD-B42F-7F00F9C44E49", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update108:*:*:*:*:*:*", "matchCriteriaId": "D1FB0648-D928-404C-BFAA-C06504849E16", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update111:*:*:*:*:*:*", "matchCriteriaId": "2570142D-36DD-43AD-BC59-E7F6CB3E3B0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update112:*:*:*:*:*:*", "matchCriteriaId": "AF8D4C98-B679-4749-BDFE-A927BE8FAD03", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update113:*:*:*:*:*:*", "matchCriteriaId": "517C8F46-F0A1-4CB8-B4CE-9811F95127D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update114:*:*:*:*:*:*", "matchCriteriaId": "BC6AF24F-B218-48DA-9B0B-6900AC102AA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update116:*:*:*:*:*:*", "matchCriteriaId": "9E5D0AA0-BAC7-43EA-9C1F-F83A09355473", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update117:*:*:*:*:*:*", "matchCriteriaId": "F4E0AB66-F1BE-436A-AD6A-432EA0BDEFAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update118:*:*:*:*:*:*", "matchCriteriaId": "00A9735D-9D6D-4D1A-AB10-8B5A3DBFDC8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update119:*:*:*:*:*:*", "matchCriteriaId": "12878218-7835-4B5D-A9DD-B16C80841340", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update120:*:*:*:*:*:*", "matchCriteriaId": "B0DF9BD4-732E-49D8-AB39-674CEA84257F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.21:core_update122:*:*:*:*:*:*", "matchCriteriaId": "8BCC19C9-A006-4052-AE58-5705A796B099", "vulnerable": true}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.21:core_update123:*:*:*:*:*:*", "matchCriteriaId": "CDBA596B-AD90-4B52-AE33-47D15EC97F85", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos autenticada en IPFire Firewall en versiones anteriores a la 2.21 Core Update 124 en backup.cgi. Esto permite que un usuario autenticado con privilegios para la p\u00e1gina afectada ejecute comandos arbitrarios."}], "id": "CVE-2018-16232", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-17T14:29:01.163", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "https://doddsecurity.com/213/command-injection-on-ipfire-firewalls/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ipfire.org/news/ipfire-2-21-core-update-124-released"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}