A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. This issue is fixed in PAN-OS 8.1.13, and all later versions.
A command injection is possible through the user interface, allowing arbitrary command execution as the root user. oMG2000 running MGOS 3.15.1 or earlier is affected. MG90 running MGOS 4.2.1 or earlier is affected.
In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins.
In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious `.venv` file could run arbitrary code without any user interaction. This is fixed in version: 1.16.0
In screencap, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege in a system process with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-123230379
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR500 before 2.3.2.56 and XR700 before 1.0.1.20.
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device as root. The vulnerability is due to insufficient input validation of a configuration file that is accessible to a local shell user. An attacker could exploit this vulnerability by including malicious input during the execution of this file. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root.
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop version 14.1.3 (45485). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Parallels Service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of root. Was ZDI-CAN-8685.
Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access.
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid user credentials to exploit this vulnerability.
The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to execute arbitrary code with kernel privileges.
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.
In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager.
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this vulnerability.
SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. In versions 4 to 5.3.0, a command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input arguments to be processed without proper sanitization. Arguments sent to the action are treated as shell expressions, allowing potential execution of arbitrary commands. A fix has been released in SonarQube Scan GitHub Action 5.3.1.
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.23.18 and below, RooCode does not validate line breaks (\n) in its command input, allowing potential bypass of the allow-list mechanism. The project appears to lack parsing or validation logic to prevent multi-line command injection. When commands are evaluated for execution, only the first line or token may be considered, enabling attackers to smuggle additional commands in subsequent lines. This is fixed in version 3.23.19.
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file.
Insecure default configurations in Hikvision Interactive Tablet DS-D5B86RB/B V2.3.0 build220119, allows attackers to execute arbitrary commands.
com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath.
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wake DMCUB before executing GPINT commands [Why] DMCUB can be in idle when we attempt to interface with the HW through the GPINT mailbox resulting in a system hang. [How] Add dc_wake_and_execute_gpint() to wrap the wake, execute, sleep sequence. If the GPINT executes successfully then DMCUB will be put back into sleep after the optional response is returned. It functions similar to the inbox command interface.
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so websetdefaultlangcfg function.
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, D7000 before 1.0.1.82, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88.
The laser command injection vulnerability exists on AIS-BW80H-00 versions earlier than AIS-BW80H-00 9.0.3.4(H100SP13C00). The devices cannot effectively defend against external malicious interference. Attackers need the device to be visually exploitable and successful triggering of this vulnerability could execute voice commands on the device.
Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.
A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.