Vulnerability Note VU#841851
Mutiny Technology virtual appliance command injection vulnerability
The Mutiny Technology virtual appliance contains a command injection vulnerability which could allow an attacker to inject commands into the appliance.
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
The Mutiny Technology virtual appliance contains a network interface menu which is vulnerable to command injection with root privileges.
An authenticated attacker can run arbitrary commands on the appliance.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Mutiny Technologies||Affected||09 Aug 2012||09 Oct 2012|
CVSS Metrics (Learn More)
Thanks to Christopher Campbell for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2012-3001
- Date Public: 07 Oct 2012
- Date First Published: 22 Oct 2012
- Date Last Updated: 22 Oct 2012
- Document Revision: 8
If you have feedback, comments, or additional information about this vulnerability, please send us email.