⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2019-16072OS Command Injection in Enigma Network Management Solution

CWE-78OS Command Injection8 documents7 sources
Severity
9.8CRITICALNVD
EPSS
89.3%
top 0.46%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Netsas Enigma Network Management Solution
Timeline
PublishedMar 20
Latest updateMay 24

Description

An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ip_address variable within an snmp_browser action.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

3
GHSA
GHSA-2f22-7m2c-fwgc: An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 652022-05-24
CVEList
CVE-2019-16072: An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 652020-03-19
VulnCheck
netsas enigma_network_management_solution Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')2019

💥Exploits & PoCs

2
Exploit-DB
Enigma NMS 65.0.0 - OS Command Injection2019-09-09
Nuclei
Enigma NMS < 65.0.0 - Authenticated OS Command Injection

🔍Detection Rules

2
Suricata
ET EXPLOIT Enigma Network Management Systems v65.0.0 CVE-2019-16072 (Outbound)2019-12-16
Suricata
ET EXPLOIT Enigma Network Management Systems v65.0.0 CVE-2019-16072 (Inbound)2019-12-16
CVE-2019-16072 — OS Command Injection | cvebase