Sign-up

ID

VAR-201701-1164


TITLE

Guofuan Security Authentication Gateway Has Arbitrary Command Execution Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-11493

DESCRIPTION

Guofuan Security Authentication Gateway is a device for user identity authentication, access and access control, which can guarantee the information security of network and application resources. Guofuan Security Authentication Gateway double_view.php page has an arbitrary command execution vulnerability. An attacker could execute arbitrary system commands through this vulnerability, which could lead to the disclosure of sensitive information or damage to the system.

Trust: 0.6

sources: CNVD: CNVD-2016-11493

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-11493

AFFECTED PRODUCTS

vendor:guofuan e commerce security certificationmodel:gatewayscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2016-11493

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2016-11493
value: HIGH

Trust: 0.6

CNVD: CNVD-2016-11493
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2016-11493

PATCH

title:Guofuan Security Authentication Gateway Has Remote Command Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/84329

Trust: 0.6

sources: CNVD: CNVD-2016-11493

EXTERNAL IDS

db:CNVDid:CNVD-2016-11493

Trust: 0.6

sources: CNVD: CNVD-2016-11493

SOURCES

db:CNVDid:CNVD-2016-11493

LAST UPDATE DATE

2022-05-04T09:43:52.853000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-11493date:2016-12-05T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2016-11493date:2017-01-08T00:00:00