Attacker Value

Very High

(1 user assessed)

Exploitability

Very High

(1 user assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2013-3632

Disclosure Date: September 29, 2014 •

CVE-2013-3632

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Execution

Techniques

Validation

Scheduled Task/Job

Validated

Scheduled Task/Job: Cron

Validated

Command and Scripting Interpreter

Validated

Command and Scripting Interpreter: Unix Shell

Validated

Command and Scripting Interpreter: Python

Validated

Initial Access

Techniques

Validation

Valid Accounts: Default Accounts

Validated

Exploit Public-Facing Application

Validated

Privilege Escalation

Techniques

Validation

Scheduled Task/Job

Validated

Scheduled Task/Job: Cron

Validated

Metasploit Module

OpenMediaVault Cron Remote Command Execution

Description

The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.

Add Assessment

h00die-gr3y (109)

July 02, 2024 9:14am UTC (2 days ago)

Ratings

Attacker Value

Very High

Exploitability

Very High

Common in enterprise Easy to weaponize Gives privileged access Vulnerable in default configuration Authenticated

Technical Analysis

To published soon.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

openmediavault

Products

openmediavault -

Metasploit Modules

OpenMediaVault Cron Remote Command Execution (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/openmediavault_cmd_exec.rb)

References

Rapid7

Very High

CVE-2013-3632

Very High

Very High

Unknown

Unknown

Unknown

CVE-2013-3632

Description

Add Assessment

Ratings

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Metasploit Modules

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

Very High

CVE-2013-3632

Very High

Very High

Unknown

Unknown

Unknown

CVE-2013-3632

Description

Add Assessment

Ratings

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Metasploit Modules

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification