CVE-2018-5757
CVE-2018-5757 is a vulnerability of currently unknown severity. An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. The traceroute and ping functionality, which uses a parameter in a request to command.cgi from the Monitoring page in the web UI, unsafely puts user-alterable data directly into an OS command, leading to Remote Code Execution via shell metacharacters in the query string. EPSS estimates a 7.78% chance of exploitation in the next 30 days.
Description
An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. The traceroute and ping functionality, which uses a parameter in a request to command.cgi from the Monitoring page in the web UI, unsafely puts user-alterable data directly into an OS command, leading to Remote Code Execution via shell metacharacters in the query string.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| AudioCodes | 420HD IP Phone Firmware | 3.0.0.535.106 |
References
- https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2018-5757 (Exploit, Third Party Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
