Security Bulletin: IBM Security Network Protection is affected by Shell Command Injection vulnerability (CVE-2014-6183)

Summary

A Shell Command Injection vulnerability has been discovered in IBM Security Network Protection.

Vulnerability Details

CVE-ID:CVE-2014-6183

**Description:**IBM Security Network Protection could allow a remote attacker to execute arbitrary commands on the system. An authenticated attacker could exploit this vulnerability to inject and execute arbitrary shell commands on the system.

CVSS:
CVSS Base Score: 9.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/98519 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C)

Affected Products and Versions

**Products:IBM Security Network Protection****(XGS)**models 3100, 4100, 5100, 7100

Firmware versions: 5.1, 5.1.1, 5.1.2, 5.1.2.1, 5.2, 5.3

Remediation/Fixes

IBM has provided patches for all affected versions. Follow the installation instructions in the README files included with the patch.

• 5.1.0.0-ISS-XGS-All-Models-Hotfix-FP0013 for IBM Security Network Protection products at version 5.1
• • 5.1.1.0-ISS-XGS-All-Models-Hotfix-FP0008 for IBM Security Network Protection products at version 5.1.1
• • 5.1.2.0-ISS-XGS-All-Models-Hotfix-FP0009 for IBM Security Network Protection products at version 5.1.2
• • 5.1.2.1-ISS-XGS-All-Models-Hotfix-FP0005 for IBM Security Network Protection products at version 5.1.2.1
• • 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0005 for IBM Security Network Protection products at version 5.2
• • 5.3.0.0-ISS-XGS-All-Models-Hotfix-FP0001 for IBM Security Network Protection products at version 5.3

Workarounds and Mitigations

None

**