Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-7698

icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php.

Published

2015-10-21T18:59:06.410

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	owncloud	smb	≤ 1.0.2	Yes
Application	owncloud	owncloud	≤ 8.1.1	Yes

References

https://github.com/icewind1991/SMB/commit/33ab10cc4d5c3e48cba3a074b5f9fc67590cd032 Vendor Advisory ([email protected])
https://owncloud.org/security/advisory/?id=oc-sa-2015-017 ([email protected])
https://github.com/icewind1991/SMB/commit/33ab10cc4d5c3e48cba3a074b5f9fc67590cd032 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://owncloud.org/security/advisory/?id=oc-sa-2015-017 (af854a3a-2127-422b-91ae-364da2661108)