PT-2018-8982 · Unknown+1 · Panda-Server+1

Published

2018-09-07

Updated

2018-11-13

CVE-2018-0643

CVSS v2.0

7.4

High

Vector

AV:A/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ORCA versions 4.8.0 and earlier panda-server version 1:1.4.9+p41-u4jma1 and earlier

Description The issue allows an attacker with administrator rights to execute arbitrary OS commands. The exact vectors used for this are not specified.

Recommendations For ORCA versions 4.8.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue. For panda-server version 1:1.4.9+p41-u4jma1 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2018-0643

Affected Products

Orca

Panda-Server

PT-2018-8982 · Unknown+1 · Panda-Server+1

CVE-2018-0643

Weakness Enumeration

Related Identifiers

Affected Products

References · 4