PT-2018-11090 · Acccheck · Acccheck

Published

2018-06-13

Updated

2019-10-03

CVE-2018-12268

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions acccheck version 0.2.1

Description The issue allows Command Injection via shell metacharacters in a username or password file. This can be demonstrated by injecting commands into an smbclient command line.

Recommendations For acccheck version 0.2.1, consider restricting the use of shell metacharacters in username and password files to minimize the risk of exploitation. Avoid using the acccheck.pl script with untrusted input until a fix is available.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2018-12268

Affected Products

Acccheck

PT-2018-11090 · Acccheck · Acccheck

CVE-2018-12268

Weakness Enumeration

Related Identifiers

Affected Products

References · 6