CVE-2013-0232

{"id": "CVE-2013-0232", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-03-20T15:55:00.910", "references": [{"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910", "source": "secalert@redhat.com"}, {"url": "http://itsecuritysolutions.org/2013-01-22-ZoneMinder-Video-Server-arbitrary-command-execution-vulnerability/", "tags": ["Exploit"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2013/dsa-2640", "source": "secalert@redhat.com"}, {"url": "http://www.exploit-db.com/exploits/24310", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2013/01/28/2", "source": "secalert@redhat.com"}, {"url": "http://www.osvdb.org/89529", "source": "secalert@redhat.com"}, {"url": "http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function."}, {"lang": "es", "value": "includes/functions.php en ZoneMinder Video Server 1v.24.0, v1.25.0, y anteriores permite a atacantes remotos ejecutar comandos arbitarios mediante una shell de metacaracteres en el par\u00e1metro (1) \"runState\" de la funci\u00f3n \"packageControl\", o los par\u00e1metros (2) \"key\" o (3) \"command\" en la funci\u00f3n \"setDeviceStatusX10\"."}], "lastModified": "2013-08-29T06:46:18.417", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zoneminder:zoneminder:1.24.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13978347-0B65-4FCE-B9B9-F1FA8E34A43A"}, {"criteria": "cpe:2.3:a:zoneminder:zoneminder:1.24.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8793778B-04BE-4585-9BF6-6ACDE046BE9D"}, {"criteria": "cpe:2.3:a:zoneminder:zoneminder:1.24.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAE57765-EBBD-467B-9B79-4AC466AF6963"}, {"criteria": "cpe:2.3:a:zoneminder:zoneminder:1.24.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5F2F3F0-8C39-49EE-B14E-CC33EE71A81C"}, {"criteria": "cpe:2.3:a:zoneminder:zoneminder:1.24.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B22B79C6-1FCA-401A-A52C-98E3EE43116E"}, {"criteria": "cpe:2.3:a:zoneminder:zoneminder:1.25.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52151725-CB55-4E78-B090-34EDB8B18D7F"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}