PT-2010-3331 · Oracle · Hsolink
Christian Jaeger
+1
·
Published
2010-08-02
·
Updated
2010-08-03
·
CVE-2010-1671
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
hsolink version 1.0.118
Description
The issue allows local users to gain privileges via shell metacharacters in command-line arguments. This can be demonstrated by the second argument in a down action, potentially leading to unauthorized access.
Recommendations
For version 1.0.118, consider restricting the use of hsolinkcontrol to minimize the risk of exploitation until a patch is available. Avoid using shell metacharacters in command-line arguments for the down action to prevent privilege escalation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hsolink