CVE-2012-2321Improper Input Validation in Connman

CWE-20Improper Input Validation4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
3.5%
top 12.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ConnmanDebian Connman
Timeline
PublishedMay 18
Latest updateMay 17

Description

The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) host name or (2) domain name in a DHCP reply.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

debiandebian/connman< connman 1.0-1 (bookworm)
Debianconnman/connman< 1.0-1+3
NVDconnman/connman0.84+83

🔴Vulnerability Details

2
GHSA
GHSA-frmw-wwv7-8q6q: The loopback plug-in in ConnMan before 02022-05-17
OSV
CVE-2012-2321: The loopback plug-in in ConnMan before 02012-05-18

📋Vendor Advisories

1
Debian
CVE-2012-2321: connman - The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute a...2012
CVE-2012-2321 — Improper Input Validation in Connman | cvebase