vendor:
OpenMediaVault
by:
Brandon Perry
N/A
CVSS
N/A
Remote Command Execution
78
CWE
Product Name: OpenMediaVault
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: CVE-2013-3632
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Unix, Linux
2013
OpenMediaVault Cron Remote Command Execution
OpenMediaVault allows an authenticated user to create cron jobs as aribtrary users on the system. An attacker can abuse this to run arbitrary commands as any user available on the system (including root).
Mitigation:
Authentication should be enabled for cron jobs and users should be restricted to only run commands they are authorized to run.
