Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:CVE-2018-16232-CMD-INJ |
|---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
IPFire Firewall Web Interface backup.cgi Command Injection |
Release Date |
2019/02/05 |
Update Number |
3139 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: IPFire Firewall Web Interface backup.cgi Command Injection
This signature detects attempts to exploit a known vulnerability against IPFire Firewall Web Interface. Successful exploitation could lead to arbitrary command injection.
Extended Description
An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands.
Affected Products
- Ipfire ipfire 1.49
- Ipfire ipfire 2.1
- Ipfire ipfire 2.11
- Ipfire ipfire 2.13
- Ipfire ipfire 2.15
- Ipfire ipfire 2.17
- Ipfire ipfire 2.19
- Ipfire ipfire 2.21
References