CVE-2013-3632
68Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendcvss 8.8epss 57%
from disclosure to weapon0 days
Published on NVDSep 29
1st PoCOct 31
metasploitOct 30
exploitation probability
57%top 1% of all CVEs
observed exploitation
nono source reports it
3 public exploit(s)
The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/179859unverifiedcve_referencewww.exploit-db.com/exploits/29323unverifiedexploitdbwww.exploit-db.com/exploits/29323unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://osvdb.org/99143https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-onehttps://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treatshttps://packetstormsecurity.com/files/179859http://www.exploit-db.com/exploits/29323http://www.securityfocus.com/bid/62873