PT-2007-5571 · Bluecat Networks · Adonis Dns/Dhcp
Published: 2007-08-17 · Updated: 2018-10-15 · CVE-2007-4390
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
BlueCat Networks Adonis DNS/DHCP appliance version 5.0.2.8
Description
The issue allows local admin users to gain root privileges on the underlying operating system. This is achieved by exploiting shell metacharacters in a command within the Command Line Interface (CLI), also known as the Adonis Administration Console.
Recommendations
For version 5.0.2.8, consider restricting access to the Command Line Interface to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using commands that may contain shell metacharacters in the Adonis Administration Console.
Affected Products
Adonis Dns/Dhcp