CVE-2018-12237

CWE-78 — OS Command Injection3 documents3 sources

Severity

7.2HIGH

EPSS

2.4%

top 14.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Reporter Symantec Corporation Symantec Reporter

Timeline

PublishedJan 24

Latest updateMay 14

Description

The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDsymantec/reporter10.1 — 10.1.5.6+1

▶CVEListV5symantec_corporation/symantec_reporter10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8

🔴Vulnerability Details

GHSA

GHSA-9696-8p87-q8wc: The Symantec Reporter CLI 10↗2022-05-14

▶

CVEList

CVE-2018-12237: The Symantec Reporter CLI 10↗2019-01-24

▶