Short Name |
HTTP:CVE-2018-16232-CMD-INJ |
---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
IPFire Firewall Web Interface backup.cgi Command Injection |
Release Date |
2019/02/05 |
Update Number |
3139 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against IPFire Firewall Web Interface. Successful exploitation could lead to arbitrary command injection.
An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands.