ID:4029 - Exploit for Input validation error in Foreman - CVE-2014-0007

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:4029 - Exploit for Input validation error in Foreman - CVE-2014-0007

ID:4029 - Exploit for Input validation error in Foreman - CVE-2014-0007

Published: August 11, 2020


Vulnerability identifier: #VU41538
Vulnerability risk: Medium
CVE-ID: CVE-2014-0007
CWE-ID: CWE-20
Exploitation vector: Remote access
Vulnerable software:
Foreman

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file.


Remediation

Install update from vendor's website.