CVE-2015-9059
CRITICALpicocom < 1.8 - OS Command Injection via Send and Receive File Command
Title source: llmDescription
picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/06/msg00030.html
Scores
CVSS v3
9.8
EPSS
0.0218
EPSS Percentile
80.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (1)
picocom_project/picocom
< 1.8
Published
May 28, 2017
Tracked Since
Feb 18, 2026