CVE-2018-8938

CVE Database · CVE-2018-8938

CVE-2018-8938

· N/AModified

CVSS v3.1

N/A

EPSS

2.29%

Published

May 1, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can inject a specially crafted SNMP MIB file that could allow them to execute arbitrary commands and code on the WhatsUp Gold server.

Weaknesses (CWE)

CWE-94

Affected Products (1)

progress · whatsup_gold (up to 18.0)vulnerable

References (2)

https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm

Release NotesVendor Advisory

https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm

Release NotesVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs