nvd-json-data-feeds/CVE-2007/CVE-2007-18xx/CVE-2007-1836.json

{
  "id": "CVE-2007-1836",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2007-04-03T00:19:00.000",
  "lastModified": "2018-10-16T16:40:49.443",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "The command line administration interface in Data Domain OS before 4.0.3.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in certain arguments to various commands, as demonstrated by the interface argument to the (1) ifconfig and (2) ping commands."
    },
    {
      "lang": "es",
      "value": "La linea de comando de la interafaz de administraci\u00f3n en Data Domain OS anterior a 4.0.3.6 permite a usuarios remotos validados ejecutar comandos de su elecci\u00f3n a trav\u00e9s de los metacaracteres de la shell en ciertos argumentos en varios comandos, como se demostr\u00f3 por los argumentos del interfaz en los comandos (1) ifconfig y (2) ping."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": true,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:data_domain:data_domain_os:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "4.0.3.5",
              "matchCriteriaId": "71AD696B-4E4E-4216-9CFC-4AC0408AFD1A"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://securityreason.com/securityalert/2516",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.securityfocus.com/archive/1/464085/100/0/threaded",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.securityfocus.com/bid/23182",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33291",
      "source": "cve@mitre.org"
    }
  ]
}