CVE-2017-6079
CRITICAL EXPLOITED IN THE WILDEdgewater Networks Edgemarc - Command Injection
Title source: llmExploitation Summary
CVE-2017-6079 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 1 public exploit from researchers including MostafaSoliman.
AI-analyzed exploit summary This is a functional exploit for CVE-2017-6079, a blind command injection vulnerability in Edgewater Edgemarc devices. It allows an attacker to execute arbitrary commands on the target device by leveraging a hidden configuration page.
Description
The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. You can use this page as a web shell essentially to execute commands, though you get no feedback client-side from the web application: if the command is valid, it executes. An example is the wget command. The page that allows this has been confirmed in firmware as old as 2006.
Exploits (1)
This is a functional exploit for CVE-2017-6079, a blind command injection vulnerability in Edgewater Edgemarc devices. It allows an attacker to execute arbitrary commands on the target device by leveraging a hidden configuration page.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H