CVE-2023-30577 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 34%

Affected Products (NVD)

Vendor	Product	Version
zmanda	amanda	𝑥 < 3.5.4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

amanda

bookworm	1:3.5.1-11+deb12u2 fixed
bullseye	vulnerable
bullseye (security)	1:3.5.1-7+deb11u1 fixed
sid	1:3.5.4-1 fixed
trixie	1:3.5.4-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

amanda

bionic	Fixed 1:3.5.1-1ubuntu0.3+esm1 released
focal	Fixed 1:3.5.1-2ubuntu0.4 released
jammy	Fixed 1:3.5.1-8ubuntu1.4 released
kinetic	ignored
lunar	ignored
mantic	Fixed 1:3.5.1-11ubuntu0.23.10.1 released
noble	not-affected
trusty	ignored
xenial	ignored

Known Exploits!

Common Weakness Enumeration

CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
The software constructs a string for a command to executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

References

https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.4

https://github.com/zmanda/amanda/security/advisories/GHSA-crrw-v393-h5q3

https://lists.debian.org/debian-lts-announce/2023/12/msg00003.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OITHG7FBD7HQRX2XT75GSGWB3D6XSZU/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YYGJJARVLRBMNWSNXKZBXZNX3M53OVPA/

https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.4

https://github.com/zmanda/amanda/security/advisories/GHSA-crrw-v393-h5q3

https://lists.debian.org/debian-lts-announce/2023/12/msg00003.html

https://lists.debian.org/debian-lts-announce/2024/09/msg00023.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OITHG7FBD7HQRX2XT75GSGWB3D6XSZU/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YYGJJARVLRBMNWSNXKZBXZNX3M53OVPA/