Command injection in NAT32 - CVE-2018-6940

 


Published: February 19, 2018 / Updated: June 17, 2021


Vulnerability identifier: #VU10653
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2018-6940
CWE-ID: CWE-77
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vendor: NAT Software
Affected software:
NAT32

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The weakness exists due to an error within the Password Checking feature. An attacker can disable Password Checking, then inject and execute arbitrary commands.

How to mitigate CVE-2018-6940

Cybersecurity is currently unaware of any solutions addressing the vulnerability.
