OS Command Injection Vulnerability in Reporter CLI
SUMMARY
The Symantec Reporter CLI is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges.
AFFECTED PRODUCTS
| Reporter | ||
|---|---|---|
| CVE | Supported Version(s) | Remediation |
| CVE-2018-12237 | 9.5 | Not vulnerable |
| 10.1 | Upgrade to 10.1.5.6. | |
| 10.2 | Upgrade to 10.2.1.8. | |
| 10.3 | Not vulnerable | |
ISSUES
| CVE-2018-12237 | |
|---|---|
| Severity / CVSSv3 | High / 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) |
| References | SecurityFocus: BID 106518 / NVD: CVE-2018-12237 |
| Impact | OS command injection |
| Description | An OS command injection vulnerability in the Reporter CLI allows an authenticated malicious administrator with Enable mode access to execute arbitrary OS commands with elevated system privileges. |
ACKNOWLEDGEMENTS
- CVE-2018-12237: Sam Young ([email protected])
REVISION
2019-01-10 intial public release