← back
CVE-2014-125118

eScan 5.5-2 Web Management Console Command Injection

CVSS 9.4 CRITICALEPSS 3.3%CWE-306CWE-78
A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The application fails to properly sanitize the 'pass' parameter when processing login requests to login.php, allowing an authenticated attacker with a valid username to inject arbitrary commands via a specially crafted password value. Successful exploitation results in remote code execution. Privilege escalation to root is possible by abusing the runasroot utility with mwconf-level privileges.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Affected products
MicroWorld · eScan Web Management Console
public PoCs found2
cve_referenceraw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/antivirus/escan_password_exec.rbunverifiedcve_referencewww.exploit-db.com/exploits/32869unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/antivirus/escan_password_exec.rbhttps://www.exploit-db.com/exploits/32869https://www.vulncheck.com/advisories/escan-web-management-console-command-injection