CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,571 vulnerabilities with CWE-77
CVE-2018-0454 HIGH
Cisco Cloud Services Platform 2100 Firmware - Authenticated Command Injection
CVSS 8.8
CVE-2018-0433 HIGH
Cisco SD-WAN Solution < 18.3.0 - Authenticated OS Command Injection via CLI
CVSS 7.8
CVE-2018-0431 HIGH
Cisco Unified Computing System - Authenticated Remote Code Execution via Command Injection
CVSS 8.8
CVE-2018-0430 HIGH
Cisco Unified Computing System - Authenticated Remote Command Execution via Web Management Interface
CVSS 8.8
CVE-2018-0424 HIGH
Cisco RV110W, RV130W, and RV215W Firmware - Authenticated OS Command Injection via Web Management Interface
CVSS 8.8
CVE-2018-1000802 CRITICAL
Python Software Foundation Python <2.7 - Command Injection
CVSS 9.8
CVE-2018-0718 CRITICAL
QNAP Music Station < 5.1.2 - Remote Command Injection
CVSS 9.8
CVE-2018-16460 CRITICAL
Umbraengineering PS < 1.0.0 - Command Injection
CVSS 9.8
CVE-2018-3786 CRITICAL
egg-scripts < 2.8.1 - OS Command Injection via Command Line Argument
CVSS 9.8
CVE-2018-15356 HIGH
Eltex ESP-200 <1.2.0 - Command Injection
CVSS 8.8
CVE-2018-0427 HIGH
Cisco Application Policy Infrastructu... - Command Injection
CVSS 8.8
CVE-2018-0714 CRITICAL
QNAP Helpdesk < 1.1.21 - Remote Command Injection
CVSS 9.8
CVE-2018-3779 CRITICAL
Activesupport - Command Injection
CVSS 9.8
CVE-2018-9866 CRITICAL
SonicWall Global Management System < 8.1 - Remote Code Execution via XML-RPC Parameter Injection
CVSS 9.8
CVE-2018-3772 CRITICAL
whereis < 0.4.1 - OS Command Injection via Unsanitized Input Concatenation
CVSS 9.8
CVE-2018-0351 HIGH
Cisco SD-WAN Solution < 18.3.0 - Authenticated Command Injection via tcpdump Utility
CVSS 7.8
CVE-2018-0350 HIGH
Cisco SD-WAN Solution < 18.3.0 - Authenticated Command Injection via VPN Subsystem Configuration
CVSS 8.8
CVE-2018-0348 HIGH
Cisco SD-WAN Solution < 18.3.0 - Authenticated OS Command Injection via VPN Load Command
CVSS 7.2
CVE-2018-0347 HIGH
Cisco SD-WAN Solution < 18.3.0 - Authenticated Command Injection via ZTP Subsystem
CVSS 7.8
CVE-2018-0344 HIGH
Cisco SD-WAN Solution < 18.3.0 - Authenticated Command Injection via Malicious Username
CVSS 7.2
CVE-2018-0341 HIGH
Cisco IP Phone 6800/7800/8800 Series OS Command Injection via Web UI
CVSS 8.8
CVE-2018-8306 MEDIUM
Microsoft Wireless Display Adapter V2 - Command Injection
CVSS 5.5
CVE-2018-7785 CRITICAL
Schneider Electric U.motion Builder <1.3.4 - Command Injection
CVSS 9.8
CVE-2018-1244 HIGH
Dell iDRAC7/iDRAC8 < 2.60.60.60 and iDRAC9 < 3.21.21.21 - Authenticated Command Injection in SNMP Agent
CVSS 8.8
CVE-2018-1212 HIGH
Dell EMC iDRAC6 - Authenticated Command Injection via Web-Based Diagnostics Console
CVSS 8.8