#VU10653 Command injection in NAT32 - CVE-2018-6940
Published: February 19, 2018 / Updated: June 17, 2021
Vulnerability identifier: #VU10653
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2018-6940
CWE-ID: CWE-77
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
NAT32
Software vendor:
NAT Software
Description
The vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The weakness exists due to an error in the Password Checking feature. An attacker can disable Password Checking, then inject and execute arbitrary commands.
Remediation
Cybersecurity is currently unaware of any solutions addressing the vulnerability.