Published: 26/03/2015 Updated: 09/10/2018

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 655

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances prior to 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the "second" parameter of a command, as demonstrated by the Destination parameter in the ping command.

Vulnerable Product	Search on Vulmon	Subscribe to Product
websense v-series appliances
websense triton 7.8.3

Abstract A command injection vulnerability was found in Websense Appliance Manager that allows an attacker to execute arbitrary code on the appliance This issue can be combined with other vulnerabilities, like Cross-Site Scripting, to perform a remote unauthenticated attacks to compromise the appliance Tested versions This issue was discover ...

CWE-77 http://packetstormsecurity.com/files/130899/Websense-Appliance-Manager-Command-Injection.html http://www.websense.com/support/article/kbarticle/October-2014-Hotfix-Summary-for-Websense-Solutions https://www.securify.nl/advisory/SFY20140906/command_injection_vulnerability_in_network_diagnostics_tool_of_websense_appliance_manager.html http://seclists.org/fulldisclosure/2015/Mar/104 https://www.exploit-db.com/exploits/36423/http://www.securityfocus.com/archive/1/534910/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/36423/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-2746

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect