Apcupsd 0.3.91 5 Remote Code Execution Vulnerability

Summary

Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php.

Credit:

The information has been provided by Jim Pingle

The original article can be found at:https://redmine.pfsense.org/issues/9556


Details

Apcupsd is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition. 

Vulnerable Systems:

  • Apcupsd 0.3.91 5

CVE Information:

CVE-2019-12585

Disclosure Timeline:
Publish Date:06/02/2019

Categories: News