CyberSec.Space Logo
Back to CVE Browser

CVE-2019-12585

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0110%
EPSS Percentile35.44th
PublishedJun 3, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php.

Affected Platforms (CPE)

πŸ“¦
Apcupsd

Apcupsd

= 0.3.91_5
πŸ“¦
Netgate

Pfsense

< 2.4.4
πŸ“¦
Netgate

Pfsense

= 2.4.4
πŸ“¦
Netgate

Pfsense

= 2.4.4
πŸ“¦
Netgate

Pfsense

= 2.4.4
πŸ“¦
Netgate

Pfsense

= 2.4.4

References & Advisories

πŸ”— https://ctrsec.io/index.php/2019/05/28/cve-2019-12584-12585-command-injection-vulnerability-on-pfsense-2-4-4-release-p3/
πŸ”— https://github.com/pfsense/FreeBSD-ports/commit/b492c0ea47aba8dde2f14183e71498ba207594e3
πŸ”— https://redmine.pfsense.org/issues/9556
πŸ”— https://ctrsec.io/index.php/2019/05/28/cve-2019-12584-12585-command-injection-vulnerability-on-pfsense-2-4-4-release-p3/
πŸ”— https://github.com/pfsense/FreeBSD-ports/commit/b492c0ea47aba8dde2f14183e71498ba207594e3
πŸ”— https://redmine.pfsense.org/issues/9556

Related Vulnerabilities

CVE-2003-009810.0

Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly...

CVE-2017-78848.4

In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default installation of APCUPSD allows a local authenticated, but unp...

CVE-2003-00997.2

Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or e...

CVE-2019-125846.1

Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php.