Attacker Value

Very High

CVE-2009-0545 — ZeroShell Remote Code Execution

Attacker Value

Very High

(1 user assessed)

Exploitability

Very High

(1 user assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2009-0545 — ZeroShell Remote Code Execution

Disclosure Date: February 12, 2009 •

CVE-2009-0545

Exploited in the Wild

Reported by hrbrmstr
View Source Details

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Metasploit Module

ZeroShell Remote Code Execution

Description

cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.

Add Assessment

hrbrmstr (72)

September 10, 2020 2:42pm UTC (4 years ago)•Edited 4 years ago

Ratings

Attacker Value

Very High

Exploitability

Very High

Easy to weaponize Gives privileged access Unauthenticated Vulnerable in default configuration

Technical Analysis

MSF module — https://www.rapid7.com/db/modules/exploit/unix/webapp/zeroshell_exec

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

zeroshell

Products

zeroshell 1.0

Metasploit Modules

ZeroShell Remote Code Execution (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/zeroshell_exec.rb)

Exploited in the Wild

Reported by:

hrbrmstr

Reported: September 10, 2020 2:41pm UTC (4 years ago)

References

Rapid7

Very High