CVE-2012-10048
published 2025-08-08CVE-2012-10048: Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. The daemon parameter is passed directly to a Popen() call in…
PriorityP266high8.7CVSS 4.0
AVNACLATNPRLUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
2.67%
83.8th percentile
Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. The daemon parameter is passed directly to a Popen() call in ZenossInfo.py without proper sanitation, allowing authenticated users to execute arbitrary commands on the server as the zenoss user.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zenoss_inc | zenoss_core | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP requests to the showDaemonXMLConfig endpoint for shell metacharacters or command injection payloads in the 'daemon' parameter (e.g., semicolons, pipes, backticks, $() constructs). ↗
- →Alert on child processes spawned by the Zenoss application process (zenoss user context) that are not typical daemon management processes, as exploitation results in arbitrary OS command execution via Popen(). ↗
- →Look for Metasploit module activity targeting Zenoss 3.x HTTP endpoints, specifically the exploit module path linux/http/zenoss_showdaemonxmlconfig_exec. ↗
- ·Exploitation requires prior authentication to the Zenoss web interface; unauthenticated access alone is insufficient to trigger the vulnerability. ↗
- ·The vulnerability is scoped to Zenoss Core 3.x; other major versions are not confirmed affected by this specific code path. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://web.archive.org/web/20221203180334/https://itsecuritysolutions.org/2012-07-30-zenoss-3.2.1-multiple-security-vulnerabilities/https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rbhttps://sourceforge.net/projects/zenoss/https://www.exploit-db.com/exploits/20205https://www.exploit-db.com/exploits/37571https://www.vulncheck.com/advisories/zenoss-command-execution
2025-08-08
Published