Vulnerabilites related to xorux - stor2rrd
CVE-2020-24032 (GCVE-0-2020-24032)
Vulnerability from cvelistv5
Published
2020-08-18 20:15
Modified
2024-08-04 15:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.stor2rrd.com/download.php | x_refsource_MISC | |
| https://pastebin.com/dHhawgx8 | x_refsource_MISC | |
| https://pastebin.com/G8981Fj8 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:05:11.730Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.stor2rrd.com/download.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/dHhawgx8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/G8981Fj8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set\u0026tz=OS command injection via shell metacharacters in a timezone."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-27T12:26:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.stor2rrd.com/download.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/dHhawgx8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/G8981Fj8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set\u0026tz=OS command injection via shell metacharacters in a timezone."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.stor2rrd.com/download.php",
"refsource": "MISC",
"url": "https://www.stor2rrd.com/download.php"
},
{
"name": "https://pastebin.com/dHhawgx8",
"refsource": "MISC",
"url": "https://pastebin.com/dHhawgx8"
},
{
"name": "https://pastebin.com/G8981Fj8",
"refsource": "MISC",
"url": "https://pastebin.com/G8981Fj8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24032",
"datePublished": "2020-08-18T20:15:45",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T15:05:11.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42371 (GCVE-0-2021-42371)
Vulnerability from cvelistv5
Published
2021-11-08 04:46
Modified
2024-08-04 03:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30.
References
| ▼ | URL | Tags |
|---|---|---|
| https://stor2rrd.com/note730.php | x_refsource_CONFIRM | |
| https://lpar2rrd.com/note730.php | x_refsource_CONFIRM | |
| https://github.com/orangecertcc/security-research/security/advisories/GHSA-p2fq-9h5j-x6w5 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://stor2rrd.com/note730.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lpar2rrd.com/note730.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-p2fq-9h5j-x6w5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-22T15:53:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://stor2rrd.com/note730.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lpar2rrd.com/note730.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-p2fq-9h5j-x6w5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://stor2rrd.com/note730.php",
"refsource": "CONFIRM",
"url": "https://stor2rrd.com/note730.php"
},
{
"name": "https://lpar2rrd.com/note730.php",
"refsource": "CONFIRM",
"url": "https://lpar2rrd.com/note730.php"
},
{
"name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-p2fq-9h5j-x6w5",
"refsource": "MISC",
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-p2fq-9h5j-x6w5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42371",
"datePublished": "2021-11-08T04:46:24",
"dateReserved": "2021-10-14T00:00:00",
"dateUpdated": "2024-08-04T03:30:38.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42372 (GCVE-0-2021-42372)
Vulnerability from cvelistv5
Published
2021-11-08 04:44
Modified
2024-08-04 03:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://stor2rrd.com/note730.php | x_refsource_CONFIRM | |
| https://lpar2rrd.com/note730.php | x_refsource_CONFIRM | |
| https://github.com/orangecertcc/security-research/security/advisories/GHSA-xfw3-pgp3-5j2p | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://stor2rrd.com/note730.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lpar2rrd.com/note730.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-xfw3-pgp3-5j2p"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-22T15:41:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://stor2rrd.com/note730.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lpar2rrd.com/note730.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-xfw3-pgp3-5j2p"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://stor2rrd.com/note730.php",
"refsource": "CONFIRM",
"url": "https://stor2rrd.com/note730.php"
},
{
"name": "https://lpar2rrd.com/note730.php",
"refsource": "CONFIRM",
"url": "https://lpar2rrd.com/note730.php"
},
{
"name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-xfw3-pgp3-5j2p",
"refsource": "MISC",
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-xfw3-pgp3-5j2p"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42372",
"datePublished": "2021-11-08T04:44:21",
"dateReserved": "2021-10-14T00:00:00",
"dateUpdated": "2024-08-04T03:30:38.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42370 (GCVE-0-2021-42370)
Vulnerability from cvelistv5
Published
2021-11-08 04:49
Modified
2024-08-04 03:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)
References
| ▼ | URL | Tags |
|---|---|---|
| https://stor2rrd.com/note730.php | x_refsource_CONFIRM | |
| https://lpar2rrd.com/note730.php | x_refsource_CONFIRM | |
| https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://stor2rrd.com/note730.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lpar2rrd.com/note730.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-22T17:24:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://stor2rrd.com/note730.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lpar2rrd.com/note730.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://stor2rrd.com/note730.php",
"refsource": "CONFIRM",
"url": "https://stor2rrd.com/note730.php"
},
{
"name": "https://lpar2rrd.com/note730.php",
"refsource": "CONFIRM",
"url": "https://lpar2rrd.com/note730.php"
},
{
"name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx",
"refsource": "MISC",
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42370",
"datePublished": "2021-11-08T04:49:28",
"dateReserved": "2021-10-14T00:00:00",
"dateUpdated": "2024-08-04T03:30:38.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-11-08 05:15
Modified
2024-11-21 06:27
Severity ?
Summary
A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx | Third Party Advisory | |
| cve@mitre.org | https://lpar2rrd.com/note730.php | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://stor2rrd.com/note730.php | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lpar2rrd.com/note730.php | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://stor2rrd.com/note730.php | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xorux:lpar2rrd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18C13897-3921-46AC-BB02-4D5CEB3FF48A",
"versionEndExcluding": "7.30",
"versionStartIncluding": "7.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xorux:stor2rrd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F02B19C0-7243-4034-A064-2BAA032B30EA",
"versionEndExcluding": "7.30",
"versionStartIncluding": "7.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)"
},
{
"lang": "es",
"value": "Se presenta una situaci\u00f3n de manejo inapropiado de contrase\u00f1as en XoruX LPAR2RRD y STOR2RRD versiones anteriores a 7.30, porque la informaci\u00f3n en texto sin cifrar est\u00e1 presente en los campos de entrada de contrase\u00f1as HTML en las propiedades del dispositivo. (Una visualizaci\u00f3n de las contrase\u00f1as requiere la configuraci\u00f3n de un navegador web para mostrar los campos de entrada de contrase\u00f1as HTML)"
}
],
"id": "CVE-2021-42370",
"lastModified": "2024-11-21T06:27:40.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-08T05:15:07.713",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://lpar2rrd.com/note730.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://stor2rrd.com/note730.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://lpar2rrd.com/note730.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://stor2rrd.com/note730.php"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-08 05:15
Modified
2024-11-21 06:27
Severity ?
Summary
A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/orangecertcc/security-research/security/advisories/GHSA-xfw3-pgp3-5j2p | Exploit, Third Party Advisory | |
| cve@mitre.org | https://lpar2rrd.com/note730.php | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://stor2rrd.com/note730.php | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/orangecertcc/security-research/security/advisories/GHSA-xfw3-pgp3-5j2p | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lpar2rrd.com/note730.php | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://stor2rrd.com/note730.php | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xorux:lpar2rrd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE900D73-0FCC-4EC3-96C8-B8EF6E7E080C",
"versionEndExcluding": "7.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xorux:stor2rrd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2AFD8C-75D4-417D-ABE5-E8383D316645",
"versionEndExcluding": "7.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service."
},
{
"lang": "es",
"value": "Una inyecci\u00f3n de comandos de shell en la comunidad HW Events SNMP en XoruX LPAR2RRD y STOR2RRD versiones anteriores a 7.30 permite a atacantes remotos autenticados ejecutar comandos de shell arbitrarios como el usuario que ejecuta el servicio"
}
],
"id": "CVE-2021-42372",
"lastModified": "2024-11-21T06:27:40.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-08T05:15:07.827",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-xfw3-pgp3-5j2p"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://lpar2rrd.com/note730.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://stor2rrd.com/note730.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-xfw3-pgp3-5j2p"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://lpar2rrd.com/note730.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://stor2rrd.com/note730.php"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-18 21:15
Modified
2024-11-21 05:14
Severity ?
Summary
tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://pastebin.com/G8981Fj8 | Third Party Advisory | |
| cve@mitre.org | https://pastebin.com/dHhawgx8 | Broken Link | |
| cve@mitre.org | https://www.stor2rrd.com/download.php | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pastebin.com/G8981Fj8 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pastebin.com/dHhawgx8 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.stor2rrd.com/download.php | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xorux:lpar2rrd:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37A7E247-0712-4686-8D65-C237F6989AC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xorux:stor2rrd:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "186C73C9-50B8-4A18-8A46-5FD92B34005C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set\u0026tz=OS command injection via shell metacharacters in a timezone."
},
{
"lang": "es",
"value": "El archivo tz.pl en los dispositivos virtuales XoruX LPAR2RRD y STOR2RRD versi\u00f3n 2.70, permite una inyecci\u00f3n de comandos cmd=set\u0026amp;tz=OS por medio de metacaracteres de shell en una zona horaria."
}
],
"id": "CVE-2020-24032",
"lastModified": "2024-11-21T05:14:20.447",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-18T21:15:12.300",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://pastebin.com/G8981Fj8"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://pastebin.com/dHhawgx8"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.stor2rrd.com/download.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://pastebin.com/G8981Fj8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://pastebin.com/dHhawgx8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.stor2rrd.com/download.php"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-08 05:15
Modified
2024-11-21 06:27
Severity ?
Summary
lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/orangecertcc/security-research/security/advisories/GHSA-p2fq-9h5j-x6w5 | Third Party Advisory | |
| cve@mitre.org | https://lpar2rrd.com/note730.php | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://stor2rrd.com/note730.php | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/orangecertcc/security-research/security/advisories/GHSA-p2fq-9h5j-x6w5 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lpar2rrd.com/note730.php | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://stor2rrd.com/note730.php | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xorux:lpar2rrd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE900D73-0FCC-4EC3-96C8-B8EF6E7E080C",
"versionEndExcluding": "7.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xorux:stor2rrd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2AFD8C-75D4-417D-ABE5-E8383D316645",
"versionEndExcluding": "7.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30."
},
{
"lang": "es",
"value": "lpar2rrd es una cuenta de sistema codificada en XoruX LPAR2RRD y STOR2RRD versiones anteriores a 7.30"
}
],
"id": "CVE-2021-42371",
"lastModified": "2024-11-21T06:27:40.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-08T05:15:07.770",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-p2fq-9h5j-x6w5"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://lpar2rrd.com/note730.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://stor2rrd.com/note730.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-p2fq-9h5j-x6w5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://lpar2rrd.com/note730.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://stor2rrd.com/note730.php"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-922"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}