Summary
FreeNAS is prone to a shell-command-execution vulnerability because the application fails to properly sanitize user-supplied input.
An attacker can exploit the remote shell-command-execution issue to execute arbitrary shell commands in the context of the webserver process.
FreeNAS versions prior to 0.7.2 rev.5543 are vulnerable.
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability
- ASP Inline Corporate Calendar SQL injection
- Apache Axis2 Document Type Declaration Processing Security Vulnerability
- Adobe ColdFusion Components (CFC) Denial Of Service Vulnerability
- Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability