CVE-2018-16144

CRITICAL

Opsview < 5.3.1 and 5.4.x < 5.4.2 - OS Command Injection via NetAudit Rancid Password Parameter

Title source: llm
STIX 2.1

Description

The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancid_password parameter.

References (4)

Core 4
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://knowledge.opsview.com/v5.4/docs/whats-new
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
https://seclists.org/fulldisclosure/2018/Sep/3
Release Notes, Vendor Advisory x_refsource_confirm
https://knowledge.opsview.com/v5.3/docs/whats-new

Scores

CVSS v3 9.8
EPSS 0.3269
EPSS Percentile 98.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
opsview/opsview < 5.3.1
Published Sep 05, 2018
Tracked Since Feb 18, 2026