Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0652

4 documents4 sources

Severity

7.5HIGH

EPSS

6.8%

top 8.65%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

SGI Irix

Timeline

PublishedJul 3

Latest updateMay 3

Description

xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute arbitrary code via shell metacharacters that are not properly filtered from several calls to the popen() function, such as export_fs().

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDsgi/irix17 versions+16

Patches

Patch: patches.sgi.com ↗Patch: patches.sgi.com ↗

🔴Vulnerability Details

GHSA

GHSA-p79g-753v-646v: xfsmd for IRIX 6↗2022-05-03

▶

CVEList

CVE-2002-0652: xfsmd for IRIX 6↗2002-07-01

▶

💥Exploits & PoCs

Exploit-DB

SGI IRIX 6.x - 'rpc.xfsmd' Remote Command Execution↗2002-06-20

▶