HTTP: OpenMediaVault Authentication Arbitrary Command Execution

This signature detects attempts to exploit a known vulnerability in OpenMediaVault. A successful attack can result in arbitrary command execution.

Extended Description

The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.

Affected Products

Openmediavault openmediavault

Short Name
HTTP:OPENMEDIAVAULT-AUTHEN-ACE
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Arbitrary Authentication CVE-2013-3632 Command Execution OpenMediaVault bid:62873
Release Date
06/09/2015
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Openmediavault

CVSS Score

9.0
