CVE-2024-0778
published 2024-01-22CVE-2024-0778: ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue…
PriorityP185critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
32.09%
98.1th percentile
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| uniview | isc_2500-s | — | — |
| uniview | isc_2500-s_firmware | <= 20210930 | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.7HIGHAV:A/AC:L/Au:S/C:C/I:C/A:C
vulncheck8.0HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-82vc-jg89-jq37: ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930
ghsa_unreviewed·2024-01-22
CVE-2024-0778 [HIGH] CWE-78 GHSA-82vc-jg89-jq37: ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
VulnCheck
uniview isc_2500-s_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
vulncheck·2024·CVSS 8.0
CVE-2024-0778 [HIGH] uniview isc_2500-s_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
uniview isc_2500-s_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
Affected: uniview
Suricata
GPL WEB_SERVER global.asa access
suricata·2010-09-23
CVE-2000-0778 GPL WEB_SERVER global.asa access
GPL WEB_SERVER global.asa access
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"GPL WEB_SERVER global.asa access"; flow:established,to_server; http.uri; content:"/global.asa"; nocase; reference:cve,2000-0778; reference:nessus,10491; reference:nessus,10991; classtype:web-application-activity; sid:2101016; rev:17; metadata:created_at 2010_09_23, cve CVE_2000_0778, signature_severity Unknown, updated_at 2024_03_08;)
No public exploits indexed.
2024-01-22
Published
Exploited in the wild