{"vuid":"VU#841851","idnumber":"841851","name":"Mutiny Technology virtual appliance command injection vulnerability","keywords":["mutiny","appliance","cwe-77"],"overview":"The Mutiny Technology virtual appliance contains a command injection vulnerability which could allow an attacker to inject commands into the appliance.","clean_desc":"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')\nThe Mutiny Technology virtual appliance contains a network interface menu which is vulnerable to command injection with root privileges.","impact":"An authenticated attacker can run arbitrary commands on the appliance.","resolution":"Update\nThe vendor has stated that this vulnerability has been addressed in Mutiny Technology virtual appliance version 4.5-1.12. Users are advised to upgrade to Mutiny Technology virtual appliance version 4.5-1.12 or higher.","workarounds":"Restrict access\nAs a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing a Mutiny Technology virtual appliance using stolen credentials from a blocked network location.","sysaffected":"","thanks":"Thanks to Christopher Campbell for reporting this vulnerability.","author":"This document was written by Michael Orlando.","public":["http://cwe.mitre.org/data/definitions/77.html","http://www.mutiny.com/releasehistory.php"],"cveids":["CVE-2012-3001"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-07-23T17:26:08Z","publicdate":"2012-10-07T00:00:00Z","datefirstpublished":"2012-10-22T12:05:47Z","dateupdated":"2012-10-22T12:05:48Z","revision":8,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"H","cvss_authentication":null,"cvss_confidentialityimpact":"N","cvss_integrityimpact":"P","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"UC","cvss_collateraldamagepotential":"L","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"2.1","cvss_basevector":"AV:N/AC:H/Au:S/C:N/I:P/A:N","cvss_temporalscore":"1.4","cvss_environmentalscore":"0.6","cvss_environmentalvector":"CDP:L/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}