CVE-2018-12237

The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges.

Published: Jan 24, 2019
Updated: Apr 13, 2023
CVE: CVE-2018-12237
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
symantec / reporter	10.2	10.2.1.8
symantec / reporter	10.1	10.1.5.6

http://www.securityfocus.com/bid/106518
https://support.symantec.com/en_US/article.SYMSA1465.html

Vulnerability Database

289,871

CVE-2018-12237