Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-0007 — OS Command Injection in Foreman

CWE-78 — OS Command Injection8 documents6 sources

Severity

7.5HIGHNVD

EPSS

6.4%

top 8.95%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Theforeman Foreman

Timeline

PublishedJun 20

Latest updateMay 17

Description

The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDtheforeman/foreman1.4.4+5

Patches

Patch: projects.theforeman.org ↗Patch: projects.theforeman.org ↗

🔴Vulnerability Details

GHSA

GHSA-4ffx-rh24-gpxh: The Smart-Proxy in Foreman before 1↗2022-05-17

▶

CVEList

CVE-2014-0007: The Smart-Proxy in Foreman before 1↗2014-06-20

▶

💥Exploits & PoCs

Exploit-DB

SAP NetWeaver Enqueue Server - Denial of Service↗2014-10-17

▶

Exploit-DB

Foreman Smart-Proxy - Remote Command Injection↗2014-06-05

▶

📋Vendor Advisories

Red Hat

foreman-proxy: smart-proxy remote command injection↗2014-06-18

▶

💬Community

Bugzilla

CVE-2014-8097 xorg-x11-server: out of bounds access due to not validating length or offset values in DBE extension↗2014-11-27

▶

Bugzilla

CVE-2014-0007 foreman-proxy: smart-proxy remote command injection↗2014-06-06

▶