CVE-2018-17431

CRITICAL EXPLOITED NUCLEI

Comodo UTM Firewall <2.7.0 - RCE

Title source: llm

Description

Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL.

Exploits (4)

exploitdb WORKING POC
by Milad Fadavvi · pythonwebappsmultiple
https://www.exploit-db.com/exploits/48825
nomisec WORKING POC 2 stars
by Fadavvi · remote
https://github.com/Fadavvi/CVE-2018-17431-PoC
nomisec WORKING POC
by sanan2004 · poc
https://github.com/sanan2004/CVE-2018-17431-Comodo

Nuclei Templates (1)

Comodo Unified Threat Management Web Console - Remote Code Execution
CRITICALby dwisiswant0

References (3)

Scores

CVSS v3 9.8
EPSS 0.9208
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-04-15
CWE
CWE-287
Status published
Products (1)
comodo/unified_threat_management_firewall < 2.7.0
Published Jan 30, 2019
Tracked Since Feb 18, 2026