Vulnerabilities > CVE-2007-1836 - Local Privilege Escalation vulnerability in Data Domain Administration Interface

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

data-domain

critical

NVD

Published: 2007-04-03

Updated: 2018-10-16

Summary

The command line administration interface in Data Domain OS before 4.0.3.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in certain arguments to various commands, as demonstrated by the interface argument to the (1) ifconfig and (2) ping commands.

Vulnerable Configurations

Part	Description	Count
OS	Data_Domain Data Domain Data Domain OS *	1

References

http://osvdb.org/34537
http://secunia.com/advisories/24666
http://securityreason.com/securityalert/2516
http://www.securityfocus.com/archive/1/464085/100/0/threaded
http://www.securityfocus.com/bid/23182
https://exchange.xforce.ibmcloud.com/vulnerabilities/33291