Description
Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://community.rapid7.com/community/infosec/blog/2016/09/07/multiple-disclosures-for-multiple-network-management-systems-part-2
Scores
CVSS v3
7.5
EPSS
0.0126
EPSS Percentile
65.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (2)
n/a/Opmantek NMIS before 8.5.12G
Opmantek NMIS before 8.5.12G
opmantek/network_management_information_system
< 4.3.6f
Published
Apr 10, 2017
Tracked Since
Feb 18, 2026