CVE-2011-10017
BaseFortify
Publication date: 2025-08-13
Last updated on: 2025-08-14
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| symmetrix_technologies | snort_report | 1.3.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2011-10017 is a remote command execution vulnerability in Snort Report versions prior to 1.3.2. The vulnerability exists in the nmap.php and nbtscan.php scripts, which do not properly sanitize user input passed via the 'target' GET parameter. This allows an attacker to inject and execute arbitrary shell commands on the server hosting these scripts without requiring any authentication. Exploitation can lead to full compromise of the underlying system. [1, 4]
How can this vulnerability impact me?
This vulnerability can have a critical impact as it allows remote attackers to execute arbitrary operating system commands on the affected server. Since no authentication or user interaction is required, an attacker can fully compromise the system, potentially gaining control over the server, accessing sensitive data, disrupting services, or using the server as a pivot point for further attacks. [1, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending specially crafted HTTP GET requests to the vulnerable scripts (nmap.php or nbtscan.php) with the 'target' parameter containing a base64-encoded payload that executes commands on the server. One practical method is to use the Metasploit module 'snortreport_exec.rb' which automates this process by injecting a command string and parsing the response for execution output. Alternatively, manual detection can be attempted by sending an HTTP request like: curl 'http://<target>/snortreport-1.3.2/nmap.php?target=127.0.0.1 && echo XXXXX && id && echo ZZZZZ' and checking the response for the output between the markers 'XXXXX' and 'ZZZZZ'. If the output of the 'id' command or other shell commands is returned, the system is vulnerable. [2, 4]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Snort Report to version 1.3.2 or later, as this version fixes the vulnerability by properly sanitizing user input in the nmap.php and nbtscan.php scripts. If upgrading is not immediately possible, restrict access to these scripts by limiting network exposure, applying firewall rules, or disabling the vulnerable scripts to prevent exploitation. Additionally, monitor network traffic for suspicious HTTP requests targeting these scripts and consider applying web application firewall (WAF) rules to block malicious payloads. [1, 3]
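One way to do the request monitoring suggested above, as an added example that is not from the advisory or the Snort Report project: it reads web server access log lines, picks out requests to nmap.php and nbtscan.php, and flags any decoded 'target' value that is not a plain host, address or range. The combined log format, the allowlist pattern and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import parse_qs

# Scripts and parameter named in the advisory text above.
SCRIPTS = {"nmap.php", "nbtscan.php"}
PARAM = "target"
# Assumption: a legitimate scan target is a hostname, IP address or CIDR range.
SAFE_TARGET = re.compile(r"[A-Za-z0-9.:/-]{1,255}")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.+) HTTP/[\d.]+"')


def suspicious_targets(line):
    """Return decoded 'target' values in one log line that fail the allowlist."""
    m = REQUEST.search(line)
    if not m:
        return []
    path, _, query = m.group(1).partition("?")
    # Compare the final path segment only, so other scripts are ignored.
    if path.rsplit("/", 1)[-1].lower() not in SCRIPTS:
        return []
    # parse_qs percent-decodes values, so encoded metacharacters are seen in clear.
    values = parse_qs(query).get(PARAM, [])
    return [v for v in values if not SAFE_TARGET.fullmatch(v)]


def scan(lines):
    """Return (line_number, value) for every flagged request."""
    return [(n, v) for n, line in enumerate(lines, 1)
            for v in suspicious_targets(line)]


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [14/Aug/2025:10:01:02 +0000] '
    '"GET /snortreport-1.3.2/nmap.php?target=192.0.2.10 HTTP/1.1" 200 812',
    '198.51.100.9 - - [14/Aug/2025:10:03:40 +0000] '
    '"GET /snortreport-1.3.2/nbtscan.php?target=192.0.2.10%3Bid HTTP/1.1" 200 640',
    '198.51.100.9 - - [14/Aug/2025:10:03:55 +0000] '
    '"GET /snortreport-1.3.2/nmap.php?target=192.0.2.10%20%26%26%20uname HTTP/1.1" 200 700',
    '198.51.100.7 - - [14/Aug/2025:10:05:11 +0000] '
    '"GET /snortreport-1.3.2/index.php?target=%3Bid HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for n, v in scan(SAMPLE_LOG):
        print(f"line {n}: unexpected target value {v!r}")
```

An allowlist is used instead of a list of known-bad characters because any value outside the expected shape is worth reviewing, whichever shell metacharacter it carries.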