Sign-up

ID

VAR-201803-2353


TITLE

NetEx HyperIP Post-Auth Remote Command Execution Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-05699

DESCRIPTION

HyperIP is a WAN optimized virtual device. Data replication, backup, recovery, and data center migration are possible through the deployment of HyperIP. There is a remote command execution vulnerability in the implementation of HyperIP. The principle of the vulnerability is to set the set_val parameter to a malformed construction parameter when sending Post-Auth through HTTP/HTTPS, which can lead to remote command execution. An attacker could exploit this vulnerability to remotely execute commands or potentially gain control of the server.

Trust: 0.6

sources: CNVD: CNVD-2018-05699

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-05699

AFFECTED PRODUCTS

vendor:netexmodel:hyperipscope:eqversion:6.1.0

Trust: 0.6

sources: CNVD: CNVD-2018-05699

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2018-05699
value: HIGH

Trust: 0.6

CNVD: CNVD-2018-05699
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2018-05699

EXTERNAL IDS

db:CNVDid:CNVD-2018-05699

Trust: 0.6

sources: CNVD: CNVD-2018-05699

REFERENCES

url:https://www.korelogic.com/resources/advisories/kl-001-2018-003.txt

Trust: 0.6

sources: CNVD: CNVD-2018-05699

SOURCES

db:CNVDid:CNVD-2018-05699

LAST UPDATE DATE

2022-05-04T09:47:19.930000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-05699date:2018-03-20T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-05699date:2018-03-20T00:00:00