Executive Summary

Information

Name: CVE-2007-3572
Vendor: Cve
First vendor Publication: 2007-07-05
Last vendor Modification: 2017-07-28

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Cvss Base Score: 9.3
Cvss Impact Score: 10
Cvss Exploit Score: 8.6

Attack Range: Network
Attack Complexity: Medium
Authentication: None Required

Security Protection

Impacts: Provides administrator access : Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences).

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3572

CAPEC : Common Attack Pattern Enumeration & Classification

Id          Name
CAPEC-3     Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-6     Argument Injection
CAPEC-15    Command Delimiters
CAPEC-18    Embedding Scripts in Nonscript Elements
CAPEC-43    Exploiting Multiple Input Interpretation Layers
CAPEC-63    Simple Script Injection
CAPEC-71    Using Unicode Encoding to Bypass Validation Logic
CAPEC-73    User-Controlled Filename
CAPEC-85    Client Network Footprinting (using AJAX/XSS)
CAPEC-86    Embedding Script (XSS) in HTTP Headers
CAPEC-88    OS Command Injection
CAPEC-108   Command Line Execution through SQL Injection
CAPEC-163   Spear Phishing

CWE : Common Weakness Enumeration


CPE : Common Platform Enumeration

Type          Description    Count
Application                  1
Application                  1

Open Source Vulnerability Database (OSVDB)

Id       Description
37808    Yoggie Pico Web Interface cgi-bin/runDiagnostics.cgi param Variable Shell Com...

Sources (Detail)

Source     Url
BID        http://www.securityfocus.com/bid/24743
FULLDISC   http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0020.html
           http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0092.html
VUPEN      http://www.vupen.com/english/advisories/2007/2417
XF         https://exchange.xforce.ibmcloud.com/vulnerabilities/35208

Alert History

Date                   Information
2017-07-29 12:02:22    Multiple Updates
2016-06-28 16:42:07    Multiple Updates
2016-04-26 16:19:45    Multiple Updates
2013-05-11 10:30:11    Multiple Updates