CVE-2013-6881

2014-01-0717:04:51

CWE-78

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.039

Percentile

92.2%

JSON

CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the forensic imaging task.

Affected configurations

Nvd

Node

cru-incditto_forensic_fieldstation_firmwareRange≤2013jun30a

AND

cru-incditto_forensic_fieldstationMatch-

VendorProductVersionCPE
cru-incditto_forensic_fieldstation_firmware*cpe:2.3:o:cru-inc:ditto_forensic_fieldstation_firmware:*:*:*:*:*:*:*:*
cru-incditto_forensic_fieldstation-cpe:2.3:h:cru-inc:ditto_forensic_fieldstation:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cru-inc	ditto_forensic_fieldstation_firmware	*	cpe:2.3:o:cru-inc:ditto_forensic_fieldstation_firmware::::::::
cru-inc	ditto_forensic_fieldstation	-	cpe:2.3:h:cru-inc:ditto_forensic_fieldstation:-:::::::*