Imperva SecureSphere Remote Command Execution

Strike ID:
E18-rumj1
CVSS:
9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
False Positive:
f
Variants:
2
Year:
2018

Description

This strike exploits a remote command execution in Imperva SecureSphere Web Application Firewall. The vulnerability resides in the lack of sanitization of the 'installer-address' parameter when the server statues is being queried. By exploiting this flaw, an attacker will be able to execute commands as the root user on the host system.

References