FreeNAS Remote Shell Command Execution Vulnerability Network Vulnerability

Summary

FreeNAS is prone to a shell-command-execution vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit the remote shell-command-execution issue to execute arbitrary shell commands in the context of the webserver process. FreeNAS versions prior to 0.7.2 rev.5543 are vulnerable.

References

http://sourceforge.net/projects/freenas/
https://www.securityfocus.com/bid/44974

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability
artmedic_links5 File Inclusion Vulnerability
Artifectx xClassified 'catid' SQL Injection Vulnerability
Arkeia Appliance Path Traversal Vulnerability
AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities

Take action and discover your vulnerabilities