CVE-2014-3418

Infoblox NetMRI < 6.8.5 - OS Command Injection via skipjackUsername Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-3418. PoCs published by Nate Kettlewell.

AI-analyzed exploit summary The provided text is an advisory detailing an OS command injection vulnerability (CVE-2014-3418) in Infoblox Network Automation products. It describes the vulnerability, affected versions, and includes a proof-of-concept example using a malformed POST request to execute arbitrary commands as root.

Description

config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter.

Exploits (1)

exploitdb WRITEUP

by Nate Kettlewell · textwebappslinux_x86

https://www.exploit-db.com/exploits/34030

View Code ZIP pw:eip

The provided text is an advisory detailing an OS command injection vulnerability (CVE-2014-3418) in Infoblox Network Automation products. It describes the vulnerability, affected versions, and includes a proof-of-concept example using a malformed POST request to execute arbitrary commands as root.

Classification

Writeup 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Infoblox Network Automation (NetMRI, Switch Port Manager, Automation Change Manager, Security Device Controller) versions 6.4.X.X-6.8.4.X

No auth needed

Prerequisites: Network access to the vulnerable web interface

MITRE ATT&CK