FreeNAS Remote Shell Command Execution Vulnerability Network Vulnerability

Summary

FreeNAS is prone to a shell-command-execution vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit the remote shell-command-execution issue to execute arbitrary shell commands in the context of the webserver process. FreeNAS versions prior to 0.7.2 rev.5543 are vulnerable.

References

http://sourceforge.net/projects/freenas/
https://www.securityfocus.com/bid/44974

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability
ASP Inline Corporate Calendar SQL injection
Apache Axis2 Document Type Declaration Processing Security Vulnerability
Adobe ColdFusion Components (CFC) Denial Of Service Vulnerability
Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability

Take action and discover your vulnerabilities