HTTP: Endian Firewall Proxy Password Change Command Execution
This signature detects an attempt to exploit a known vulnerability against Endian Firewall Proxy application. Successful exploitation could allow an attacker to perform remote code execution.
Extended Description
Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi.
Affected Products
Endian_firewall endian_firewall
References
CVE: CVE-2015-5082
Short Name
HTTP:MISC:ENDIAN-PRX-CMDEXEC
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2015-5082 Change Command Endian Execution Firewall Password Proxy
Release Date
02/09/2016
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3337
False Positive
Unknown
Vendors
Endian_firewall
CVSS Score
10.0