CVE-2018-16232

EUVD-2018-8084
An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
ipfireipfire
1.49
ipfireipfire
2.1
ipfireipfire
2.1:core_update16
ipfireipfire
2.11:core_update53
ipfireipfire
2.11:core_update54
ipfireipfire
2.11:core_update59
ipfireipfire
2.11:core_update60
ipfireipfire
2.11:core_update62
ipfireipfire
2.11:core_update64
ipfireipfire
2.13:core_update66
ipfireipfire
2.13:core_update67
ipfireipfire
2.13:core_update71
ipfireipfire
2.13:core_update72
ipfireipfire
2.13:core_update73
ipfireipfire
2.13:core_update74
ipfireipfire
2.13:core_update75
ipfireipfire
2.13:core_update76
ipfireipfire
2.13:rc_1
ipfireipfire
2.13:rc_2
ipfireipfire
2.15:76_rc1
ipfireipfire
2.15:77_rc1
ipfireipfire
2.15:77_rc2
ipfireipfire
2.15:core_update79
ipfireipfire
2.15:core_update81
ipfireipfire
2.15:core_update82
ipfireipfire
2.15:core_update83
ipfireipfire
2.15:core_update84
ipfireipfire
2.15:core_update85
ipfireipfire
2.17:86_beta1
ipfireipfire
2.17:87_rc1
ipfireipfire
2.17:core_update88
ipfireipfire
2.17:core_update89
ipfireipfire
2.17:core_update91
ipfireipfire
2.17:core_update93
ipfireipfire
2.17:core_update95
ipfireipfire
2.17:core_update97
ipfireipfire
2.17:core_update98
ipfireipfire
2.17:core_update99
ipfireipfire
2.19:core_update100
ipfireipfire
2.19:core_update101
ipfireipfire
2.19:core_update102
ipfireipfire
2.19:core_update105
ipfireipfire
2.19:core_update106
ipfireipfire
2.19:core_update107
ipfireipfire
2.19:core_update108
ipfireipfire
2.19:core_update111
ipfireipfire
2.19:core_update112
ipfireipfire
2.19:core_update113
ipfireipfire
2.19:core_update114
ipfireipfire
2.19:core_update116
ipfireipfire
2.19:core_update117
ipfireipfire
2.19:core_update118
ipfireipfire
2.19:core_update119
ipfireipfire
2.19:core_update120
ipfireipfire
2.21:core_update122
ipfireipfire
2.21:core_update123
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://doddsecurity.com/213/command-injection-on-ipfire-firewalls/
https://www.ipfire.org/news/ipfire-2-21-core-update-124-released
https://doddsecurity.com/213/command-injection-on-ipfire-firewalls/
https://www.ipfire.org/news/ipfire-2-21-core-update-124-released