CVE-2017-7175

high-risk

Published 2017-07-10

NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter (aka the "Custom output format" field).

Do I need to act?

21.4% chance of exploitation in next 30 days

EPSS score — higher than 79% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

42314

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.9/10 Critical

NETWORK / LOW complexity

Affected Products (1)

Nfsen

Affected Vendors

Nfsen

References (4)

Vendor Advisory https://sourceforge.net/p/nfsen/news/2017/01/nfsen-138-released---security-fix/

Third Party Advisory https://www.exploit-db.com/exploits/42314/

Vendor Advisory https://sourceforge.net/p/nfsen/news/2017/01/nfsen-138-released---security-fix/

Third Party Advisory https://www.exploit-db.com/exploits/42314/

/ 100

high-risk

Severity 33/34 · Critical

Exploitability 21/34 · High

Exposure 5/34 · Minimal