CVE-2007-4390

BlueCat Networks Adonis DNS/DHCP <5.0.2.8 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4390. PoCs published by forloop.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in BlueCat Networks Adonis devices by setting the 'host-name' parameter to execute arbitrary shell commands with superuser privileges. The PoC demonstrates a trivial command injection via the 'bash' command.

Description

The Command Line Interface (CLI), aka Adonis Administration Console, on the BlueCat Networks Adonis DNS/DHCP appliance 5.0.2.8 allows local admin users to gain root privileges on the underlying operating system via shell metacharacters in a command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by forloop · textlocallinux

https://www.exploit-db.com/exploits/30503

View Code ZIP pw:eip

This exploit leverages a command injection vulnerability in BlueCat Networks Adonis devices by setting the 'host-name' parameter to execute arbitrary shell commands with superuser privileges. The PoC demonstrates a trivial command injection via the 'bash' command.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: BlueCat Networks Adonis 5.0.2.8

Auth required

Prerequisites: Administrative privileges on the target device

MITRE ATT&CK