CVE-2014-125118
BaseFortify

Publication date: 2025-07-25

Last updated on: 2025-07-29

Assigner: VulnCheck

Description
A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The application fails to properly sanitize the 'pass' parameter when processing login requests to login.php, allowing an authenticated attacker with a valid username to inject arbitrary commands via a specially crafted password value. Successful exploitation results in remote code execution. Privilege escalation to root is possible by abusing the runasroot utility with mwconf-level privileges.
Meta Information
Generated: 2026-05-07
AI Q&A: 2025-07-25
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor Product Version / Range
escan web_management_console 5.5-2
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2014-125118 is a critical command injection vulnerability in the eScan Web Management Console version 5.5-2. It occurs because the application does not properly sanitize the 'pass' parameter during login requests, allowing an authenticated attacker with a valid username to inject arbitrary operating system commands by submitting a specially crafted password. This injection happens via the login.php endpoint. The attacker can execute commands with the privileges of the 'mwconf' user and can escalate privileges to root by abusing the 'runasroot' utility. The exploit involves injecting commands prefixed by a semicolon in the password field, downloading a native ELF payload to the target system, making it executable, and running it to gain remote code execution and root access. [1, 2, 3]


How can this vulnerability impact me?

This vulnerability allows an attacker with a valid username to remotely execute arbitrary commands on the affected system without user interaction. The attacker can gain a remote shell with the privileges of the 'mwconf' user and escalate to root privileges by exploiting the 'runasroot' utility. This can lead to full system compromise, including unauthorized access, data theft, system manipulation, and disruption of services. The high CVSS score (9.4) reflects the severe impact on confidentiality, integrity, availability, and overall system security. [1, 2, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection can be performed by checking for the presence of the eScan Web Management Console's WebAdmin interface, typically accessible on port 10080. Additionally, monitoring login requests to login.php for suspicious 'pass' parameter values that include command injection patterns (such as semicolon-prefixed payloads) can help identify exploitation attempts. Using the Metasploit module EDB-32869 can also verify vulnerability presence by attempting to interact with the login.php endpoint and checking for command injection behavior. [2, 3]
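
The login.php monitoring described above can be sketched as follows. This is an added example, not code from eScan or from this page. It assumes a proxy or WAF in front of the console writes one line per request as `time source method path form-body`; that log format, the `user` field name and the sample lines are constructed, and checking metacharacters other than the semicolon is a generalisation.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Shell metacharacters that let a value break out of a command line.
# The page names semicolon-prefixed values; the rest are a generalisation.
SHELL_META = re.compile(r"[;|&`\n]|\$\(")

# Constructed sample records in the assumed format:
# time, source IP, method, path, URL-encoded form body ("user" is hypothetical).
SAMPLE_LOG = """\
2025-07-25T10:00:01Z 192.0.2.10 POST /login.php user=alice&pass=Summer2024%21
2025-07-25T10:00:07Z 198.51.100.7 POST /login.php user=alice&pass=%3Bid
2025-07-25T10:00:09Z 198.51.100.7 POST /login.php?x=1 user=alice&pass=a%24%28id%29
2025-07-25T10:00:12Z 192.0.2.10 GET /index.php -
2025-07-25T10:00:15Z 192.0.2.11 POST /login.php user=bob&pass=p%40ss+word
"""


def suspicious_logins(log_text):
    """Return (timestamp, source, decoded pass) for POSTs to login.php
    whose 'pass' value contains shell metacharacters."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) != 5:
            continue  # malformed or truncated record
        ts, src, method, target, body = parts
        if method != "POST" or not urlsplit(target).path.endswith("/login.php"):
            continue
        # parse_qs URL-decodes values, so %3B and '+' are normalised
        # before the pattern is applied.
        for value in parse_qs(body, keep_blank_values=True).get("pass", []):
            if SHELL_META.search(value):
                hits.append((ts, src, value))
    return hits


if __name__ == "__main__":
    for ts, src, value in suspicious_logins(SAMPLE_LOG):
        print(f"{ts} {src} suspicious pass value: {value!r}")
```

Legitimate passwords can contain these characters, so a hit is a lead for triage rather than proof of exploitation. Any log that captures request bodies also holds plaintext passwords and needs the same access restrictions as a credential store.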


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the eScan Web Management Console, especially the login.php endpoint, by limiting network exposure and applying firewall rules. Ensure only trusted users have valid usernames to reduce the risk of authenticated exploitation. Monitor and analyze logs for unusual login attempts with suspicious password parameters. If possible, update or patch the eScan Web Management Console to a version that addresses this vulnerability. As a temporary measure, disable or restrict the runasroot utility to prevent privilege escalation. [2, 3]

