CVE-2012-5878
Last modified
CVE-2012-5878 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl.. EPSS estimates a 9.30% chance of exploitation in the next 30 days.
Description
Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Bulbsecurity | Smartphone Pentest Framework | >= 0.1.2, <= 0.1.4 |
References
- https://www.htbridge.com/advisory/HTB23123Not Applicable, Third Party Advisory
- https://www.htbridge.com/advisory/HTB23127Exploit, Third Party Advisory
- https://www.htbridge.com/advisory/HTB23123Not Applicable, Third Party Advisory
- https://www.htbridge.com/advisory/HTB23127Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-5878?
How severe is CVE-2012-5878?
How do I fix CVE-2012-5878?
Are you affected by CVE-2012-5878?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST