Lucene search

[email protected]CVE-2007-3572

HistoryJul 05, 2007 - 8:30 p.m.

CVE-2007-3572

2007-07-0520:30:00

[email protected]

web.nvd.nist.gov

cve-2007-3572

vulnerability

web interface

remote code execution

yoggie pico

pico pro

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.049 Low

EPSS

Percentile

92.8%

JSON

Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded “`” (backtick) characters (%60 sequences).

Affected configurations

NVD

Node

yoggiepico

yoggiepico_pro

CPENameOperatorVersion
yoggie:picoyoggie picoeq*
yoggie:pico_proyoggie pico proeq*

CPE	Name	Operator	Version
yoggie:pico	yoggie pico	eq	*
yoggie:pico_pro	yoggie pico pro	eq	*

References

archives.neohapsis.com/archives/fulldisclosure/2007-07/0020.html

archives.neohapsis.com/archives/fulldisclosure/2007-07/0092.html

osvdb.org/37808

secunia.com/advisories/25902

www.securityfocus.com/bid/24743

www.vupen.com/english/advisories/2007/2417

exchange.xforce.ibmcloud.com/vulnerabilities/35208

Social References

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.049 Low

EPSS

Percentile

92.8%

JSON

Related for CVE-2007-3572

cvelist1 nvd1 prion1