PT-2018-17831 · Nat32 · Nat32

Hyp3Rlinx

Published

2018-02-20

Updated

2018-03-13

CVE-2018-6941

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions NAT32 version 2.2 Build 22284

Description A CSRF issue exists in the HTTPD component that can be exploited for Remote Code Execution in conjunction with XSS, specifically through the "/shell?cmd=" endpoint.

Recommendations For NAT32 version 2.2 Build 22284, consider disabling the HTTPD component or restricting access to the "/shell?cmd=" endpoint until a patch is available. Avoid using the cmd parameter in the affected endpoint to minimize the risk of exploitation.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2018-6941

Affected Products

Nat32

PT-2018-17831 · Nat32 · Nat32

CVE-2018-6941

Weakness Enumeration

Related Identifiers

Affected Products

References · 5