CVE-2012-10040
BaseFortify
Publication date: 2025-08-11
Last updated on: 2025-08-11
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openfiler | openfiler | 2.x |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2012-10040 is a command injection vulnerability in Openfiler version 2.x. It occurs because the 'device' parameter on the system.html page is used unsafely to instantiate a NetworkCard object, whose constructor calls the exec() function with this unsanitized input. An authenticated attacker can exploit this flaw by sending specially crafted HTTP requests with malicious input in the 'device' parameter, allowing them to execute arbitrary commands as the 'openfiler' user. Furthermore, due to misconfigured sudoers, the 'openfiler' user can escalate privileges to root by running 'sudo /bin/bash' without a password, resulting in full system compromise. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability allows an authenticated attacker to execute arbitrary commands on the affected Openfiler system remotely, initially with the privileges of the 'openfiler' user. Because the 'openfiler' user can escalate privileges to root without a password, the attacker can gain full root access to the system. This can lead to complete system compromise, unauthorized data access, modification or deletion of files, disruption of services, and potential use of the system as a launchpad for further attacks. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by verifying whether the target system is running Openfiler version 2.x, checking the HTTP response for version strings or page titles specific to Openfiler 2.x. One method is to send an authenticated HTTP GET request to the URI '/admin/system.html' and inspect the response for indicators of the vulnerable version. Additionally, the Metasploit module for CVE-2012-10040 can perform an automated check by sending crafted requests to the 'device' parameter and verifying whether command injection is possible. The module also handles authentication with default or known credentials (default username 'openfiler' and password 'password') and targets the HTTP service on port 446 (optionally over SSL). [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the Openfiler management interface, especially the '/admin/system.html' page, to trusted and authenticated users only. Change default credentials from 'openfiler'/'password' to strong, unique passwords to prevent unauthorized authentication. Disable or restrict sudo privileges for the 'openfiler' user to prevent privilege escalation via 'sudo /bin/bash' without a password. Applying any available patches or updates from the vendor that address this vulnerability is recommended. If patches are not available, consider isolating the affected system from untrusted networks and monitoring for suspicious activity related to HTTP requests on port 446. [1, 2, 3]
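The monitoring step above can be sketched as follows. This is an added example, not code from the advisory or from Openfiler: it scans web access log lines for requests to '/admin/system.html' whose 'device' value is not a plain interface name. The combined log format, the 'device' value appearing in the query string, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Allowlist: a plain Linux interface name (max 15 chars), e.g. eth0, bond0, eth0:1.
IFACE_RE = re.compile(r"[A-Za-z0-9_.:-]{1,15}")
# Client IP and request target from a combined-format access log line (assumed format).
REQ_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" \d{3}')
TARGET_PATH = "/admin/system.html"  # page named in the advisory


def suspicious_device_values(line):
    """Return decoded 'device' values in one log line that fail the allowlist."""
    m = REQ_RE.match(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    if url.path != TARGET_PATH:
        return []
    # parse_qs percent-decodes, so encoded shell metacharacters are seen in the clear.
    values = parse_qs(url.query, keep_blank_values=True).get("device", [])
    return [v for v in values if not IFACE_RE.fullmatch(v)]


def scan(lines):
    """Return (line number, client IP, offending values) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        bad = suspicious_device_values(line)
        if bad:
            hits.append((n, REQ_RE.match(line).group("ip"), bad))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Aug/2025:10:00:01 +0000] "GET /admin/system.html HTTP/1.1" 200 5120',
    '192.0.2.10 - - [11/Aug/2025:10:00:05 +0000] "GET /admin/system.html?device=eth0 HTTP/1.1" 200 6100',
    '198.51.100.7 - - [11/Aug/2025:10:02:13 +0000] "GET /admin/system.html?device=eth0%3Bid HTTP/1.1" 200 6100',
    '198.51.100.7 - - [11/Aug/2025:10:02:20 +0000] "GET /admin/status.html?device=eth0%3Bid HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, ip, bad in scan(SAMPLE_LOG):
        print(f"line {n}: {ip} sent non-interface device value(s): {bad!r}")
```

Access logs do not record request bodies, so a 'device' value sent in a POST body needs the same allowlist check at a reverse proxy or WAF in front of port 446.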