Mutiny < 4.5-1.12 Unspecified Network Interface Menu Remote Command Injection

High - Nessus Plugin ID 62718

Synopsis

The remote host contains a network monitoring application that is affected by a command injection vulnerability.

Description

The remote web server hosts a version of Mutiny earlier than 4.5-1.12. It is, therefore, reportedly affected by a command injection vulnerability that could allow an authenticated attacker to execute arbitrary commands via the network interface menu.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to version 4.5-1.12 or later.

See Also

http://www.mutiny.com/releasehistory.php

Plugin Details

Severity: High

ID: 62718

File Name: mutiny_4_5_1_12.nasl

Version: 1.10

Type: remote

Family: CGI abuses

Published: 10/26/2012

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 7

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:mutiny:standard

Required KB Items: www/mutiny

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/22/2012

Vulnerability Publication Date: 10/22/2012

Exploitable With

Metasploit (Mutiny Remote Command Execution)

Reference Information

CVE: CVE-2012-3001

BID: 56165

CERT: 841851