CVE-2012-5693

Name of the Vulnerable Software and Affected Versions: Bulb Security Smartphone Pentest Framework (SPF) versions prior to 0.1.3

Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters in various parameters to different scripts in the frameworkgui directory. The vulnerable parameters include ipAddressTB to remoteAttack.pl or guessPassword.pl, filename to CSAttack.pl or SEAttack.pl, phNo2Attack to CSAttack.pl or SEAttack.pl, platformDD2 to SEAttack.pl, agentURLPath or agentControlKey to attach2agents.pl, and controlKey to attachMobileModem.pl.

Recommendations: For versions prior to 0.1.3, update to version 0.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable scripts in the frameworkgui directory until the update is applied. Avoid using the vulnerable parameters in the affected scripts until the issue is resolved.