cbcvebase.
CVE-2017-9757
published 2017-06-19

CVE-2017-9757: IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly…

PriorityP270high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
EXPLOIT
EPSS
38.50%
98.4th percentile
IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF.

Affected

1 ranges
VendorProductVersion rangeFixed in
ipfireipfire<= 2.19

Detection & IOCsextracted from sources · hover to see the quote

path/cgi-bin/ids.cgi
otherOINKCODE
  • Monitor HTTP requests to ids.cgi containing shell metacharacters or command injection payloads in the OINKCODE parameter field.
  • This vulnerability can be exploited via CSRF in addition to direct authenticated access — monitor for unexpected cross-origin POST requests targeting ids.cgi.
  • Flag IPFire instances running versions below 2.19 Update Core 110 as unpatched and at risk of remote command execution via ids.cgi.
  • ·Exploitation requires authentication OR a CSRF vector, meaning unauthenticated remote exploitation is only possible if an authenticated user can be socially engineered into triggering the CSRF payload.

CVSS provenance

nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.