CVE-2015-2746

high

Description

The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the "second" parameter of a command, as demonstrated by the Destination parameter in the ping command.

References

https://www.exploit-db.com/exploits/36423/

http://www.websense.com/support/article/kbarticle/October-2014-Hotfix-Summary-for-Websense-Solutions

http://www.securityfocus.com/archive/1/534910/100/0/threaded

http://seclists.org/fulldisclosure/2015/Mar/104

Details

Source: Mitre, NVD

Published: 2015-03-26

Updated: 2018-10-09

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High