CVE-2018-17431

CRITICAL EXPLOITED NUCLEI

Comodo Unified Threat Management Firewall < 2.7.0 - Unauthenticated Remote Code Execution


Exploitation Summary

CVE-2018-17431 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including Milad Fadavvi, Fadavvi, and sanan2004. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit targets a remote code execution vulnerability in Comodo Unified Threat Management Web Console versions before 2.7.0 and 1.5.0. It crafts a malicious URL with encoded commands to disable SSH, leveraging improper input validation in the web console.

Description

Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL.

Exploits (3)

exploitdb WORKING POC
by Milad Fadavvi · python · webapps · multiple
https://www.exploit-db.com/exploits/48825

Classification
Working PoC 95%
Attack Type
RCE
Complexity
Trivial
Reliability
Reliable
Target: Comodo Unified Threat Management Web Console < 2.7.0 & < 1.5.0
No auth needed
Prerequisites: Network access to the target web console · Target software version must be vulnerable
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC 2 stars
by Fadavvi · remote
https://github.com/Fadavvi/CVE-2018-17431-PoC

This PoC exploits a remote command execution vulnerability in Comodo UTM via the web console by sending crafted HTTP requests with URL-encoded commands. The exploit disables SSH as a demonstration of arbitrary command execution.

Classification
Working PoC 95%
Attack Type
RCE
Complexity
Trivial
Reliability
Reliable
Target: Comodo unified threat management (UTM) before versions 2.7.0 and 1.5.0
No auth needed
Prerequisites: Network access to the Comodo UTM web console · Target running vulnerable Comodo UTM version
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC
by sanan2004 · poc
https://github.com/sanan2004/CVE-2018-17431-Comodo

This PoC exploits a remote command execution vulnerability in Comodo UTM via the web console by sending crafted HTTP requests with URL-encoded commands. It demonstrates disabling SSH by simulating webshell input.

Classification
Working PoC 95%
Attack Type
RCE
Complexity
Trivial
Reliability
Reliable
Target: Comodo unified threat management (UTM) before versions 2.7.0 and 1.5.0
No auth needed
Prerequisites: Network access to the Comodo UTM web interface · Target running vulnerable Comodo UTM version
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Comodo Unified Threat Management Web Console - Remote Code Execution
CRITICAL · by dwisiswant0

Scores

CVSS v3 9.8
EPSS 0.9208
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-04-15
CWE
CWE-287 (Improper Authentication)
Status published
Products (1)
comodo/unified_threat_management_firewall < 2.7.0
Published Jan 30, 2019
Tracked Since Feb 18, 2026