cbcvebase.
CVE-2014-0007
published 2014-06-20

CVE-2014-0007: The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path…

Priority: P2 · 63 · high
CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 9.02% (94.6th percentile)
The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file.

Affected

6 ranges

Vendor     | Product | Version range | Fixed in
theforeman | foreman | <= 1.4.4      |
theforeman | foreman |               |
theforeman | foreman |               |
theforeman | foreman |               |
theforeman | foreman |               |
theforeman | foreman |               |

Detection & IOCs (extracted from sources)

URL: https://www.example.com:8443/tftp/fetch_boot_file?prefix=a&path=%3Btouch%20%2Ftmp%2Fbusted%3B
Port: 8443
Path: /tftp/fetch_boot_file
  • Look for HTTP POST requests to /tftp/fetch_boot_file containing shell metacharacters (e.g., semicolons, URL-encoded as %3B) in the 'path' query parameter, indicating command injection attempts.
  • Monitor for POST requests to the Foreman Smart-Proxy endpoint on port 8443 with Accept: application/json header and a 'path' parameter containing URL-encoded shell metacharacters such as %3B (semicolon).
  • The vulnerable code path is in tftp.rb within the smart-proxy; monitor for unexpected process spawning from the foreman-proxy user, especially shell commands not initiated by normal TFTP boot file fetch operations.
  • Affected versions are Foreman before 1.4.5 and 1.5.x before 1.5.1; ensure foreman-proxy is patched to 1.4.5+ or 1.5.1+ to remediate.
  • Exploitation runs with the privileges of the foreman-proxy user; assess the privilege level of this account in your environment to gauge blast radius.
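Detection logic for the indicators above, added here as an example and not part of the page's sources or of the Foreman project: it scans access-log request lines (constructed samples in combined-log format; the regex, field names and sample addresses are assumptions) for requests to /tftp/fetch_boot_file whose path parameter decodes to a value containing shell metacharacters, including the double-encoded case.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Shell metacharacters that have no business in a TFTP boot-file path.
SHELL_META = set(';|&`$(){}<>\n')
TARGET_PATH = "/tftp/fetch_boot_file"
# Request line of a combined-format access log: "<method> <target> HTTP/<ver>"
REQ_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_path_param(target):
    """Return the decoded 'path' parameter when the request targets
    fetch_boot_file and the parameter contains shell metacharacters, else None."""
    parts = urlsplit(target)
    if parts.path.rstrip("/") != TARGET_PATH:
        return None
    # parse_qs percent-decodes once; unquote again so a double-encoded
    # semicolon (%253B -> %3B -> ;) is also flagged (over-matching is cheap here).
    for value in parse_qs(parts.query, keep_blank_values=True).get("path", []):
        decoded = unquote(value)
        if SHELL_META & set(decoded):
            return decoded
    return None


def scan_log(lines):
    """Return (line_no, method, decoded_path) for each matching request line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQ_LINE.search(line)
        if m:
            found = suspicious_path_param(m.group("target"))
            if found is not None:
                hits.append((n, m.group("method"), found))
    return hits


# Constructed sample log: a benign boot-file fetch, the published indicator
# URL, a double-encoded variant, and an unrelated endpoint.
SAMPLE_LOG = [
    '10.0.0.5 - - [20/Jun/2014:10:00:01 +0000] "GET /tftp/fetch_boot_file?prefix=boot&path=pxelinux.0 HTTP/1.1" 200 12',
    '10.0.0.9 - - [20/Jun/2014:10:00:02 +0000] "POST /tftp/fetch_boot_file?prefix=a&path=%3Btouch%20%2Ftmp%2Fbusted%3B HTTP/1.1" 200 12',
    '10.0.0.9 - - [20/Jun/2014:10:00:03 +0000] "POST /tftp/fetch_boot_file?prefix=a&path=x%253Btrue HTTP/1.1" 200 12',
    '10.0.0.7 - - [20/Jun/2014:10:00:04 +0000] "GET /features HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for n, method, path in scan_log(SAMPLE_LOG):
        print(f"line {n}: {method} path={path!r}")
```

Method is reported but not filtered on, since the indicator URL carries the parameter in the query string while the notes above describe POST requests.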

CVSS provenance

nvd (v2.0): 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat: 7.5 HIGH