Vulnerabilities > CVE-2014-5073 - Remote Command Execution vulnerability in VMTurbo Operations Manager '/cgi-bin/vmtadmin.cgi'
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call. <a href="http://cwe.mitre.org/data/definitions/77.html" target="_blank">CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')</a>
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Exploit-Db
| description | VMTurbo Operations Manager 4.6 vmtadmin.cgi Remote Command Execution. CVE-2014-5073. Remote exploit for linux platform |
| file | exploits/linux/remote/34335.rb |
| id | EDB-ID:34335 |
| last seen | 2016-02-03 |
| modified | 2014-08-14 |
| platform | linux |
| port | 80 |
| published | 2014-08-14 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/34335/ |
| title | VMTurbo Operations Manager 4.6 vmtadmin.cgi Remote Command Execution |
| type | remote |
Metasploit
| description | VMTurbo Operations Manager 4.6 and prior are vulnerable to unauthenticated OS Command injection in the web interface. Use reverse payloads for the most reliable results. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. Port binding payloads are disregarded due to the restrictive firewall settings. This module has been tested successfully on VMTurbo Operations Manager versions 4.5 and 4.6. |
| id | MSF:EXPLOIT/UNIX/HTTP/VMTURBO_VMTADMIN_EXEC_NOAUTH |
| last seen | 2020-06-07 |
| modified | 2017-07-24 |
| published | 2014-08-11 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/http/vmturbo_vmtadmin_exec_noauth.rb |
| title | VMTurbo Operations Manager vmtadmin.cgi Remote Command Execution |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/127864/vmturbo_vmtadmin_exec_noauth.rb.txt |
| id | PACKETSTORM:127864 |
| last seen | 2016-12-05 |
| published | 2014-08-14 |
| reporter | Emilio Pinna |
| source | https://packetstormsecurity.com/files/127864/VMTurbo-Operations-Manager-4.6-vmtadmin.cgi-Remote-Command-Execution.html |
| title | VMTurbo Operations Manager 4.6 vmtadmin.cgi Remote Command Execution |
References
- http://disse.cting.org/2014/07/30/vmturbo-operation-manager-remote-command-execution/
- http://packetstormsecurity.com/files/127864/VMTurbo-Operations-Manager-4.6-vmtadmin.cgi-Remote-Command-Execution.html
- http://secunia.com/advisories/58880
- http://secunia.com/secunia_research/2014-8/
- http://www.exploit-db.com/exploits/34335
- http://www.osvdb.org/109572
- http://www.securityfocus.com/bid/69225
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95319