Vulnerability Details : CVE-2000-0248
Public exploit exists!
The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor password that allows remote attackers to execute arbitrary commands.
Exploit prediction scoring system (EPSS) score for CVE-2000-0248
Probability of exploitation activity in the next 30 days: 1.33%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 86 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2000-0248
-
RedHat Piranha Virtual Server Package passwd.php3 Arbitrary Command Execution
Disclosure Date: 2000-04-04First seen: 2020-04-26exploit/linux/http/piranha_passwd_execThis module abuses two flaws - a metacharacter injection vulnerability in the HTTP management server of RedHat 6.2 systems running the Piranha LVS cluster service and GUI (rpm packages: piranha and piranha-gui). The vulnerability allows an authenticated attacker to e
CVSS scores for CVE-2000-0248
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2000-0248
-
http://xforce.iss.net/alerts/advise46.php3
Patch;Vendor Advisory
Products affected by CVE-2000-0248
- cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*
- cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*
- cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*