CVE-2016-1608

8.8HIGH

Key Information:

Vendor: Novell
Status: Filr
Vendor: CVE Published:; 1 August 2016

Summary

vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter.

References

http://seclists.org/bugtraq/2016/Jul/119

mailing-listx_refsource_BUGTRAQ

https://download.novell.com/Download?buildid=3V-3ArYN85I~

x_refsource_CONFIRM

https://www.exploit-db.com/exploits/40161/

exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 1, 2016
Vulnerability Reserved
Jan 12, 2016

Collectors

NVD DatabaseMitre Database