2 vulnerabilities found for Hillstone Networks Web Application Firewall by Hillstone Networks
CVE-2024-8073 (GCVE-0-2024-8073)
Vulnerability from nvd – Published: 2024-08-26 02:19 – Updated: 2024-08-27 19:00
Title
Command Injection Vulnerability in Hillstone Networks Web Application Firewall
Summary
Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection. This issue affects Hillstone Networks Web Application Firewall: from 5.5R6-2.6.7 through 5.5R6-2.8.13.
Severity ?
9.8 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hillstone Networks | Hillstone Networks Web Application Firewall | Affected: 2.6.7, ≤ 2.8.13 (custom) | ||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hillstonenet:web_application_firewall:5.5r6-2.6.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "web_application_firewall",
"vendor": "hillstonenet",
"versions": [
{
"lessThanOrEqual": "5.5R6-2.8.13",
"status": "affected",
"version": "5.5r6-2.6.7",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8073",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T18:44:24.297231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T19:00:27.959Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"5.5R6"
],
"product": "Hillstone Networks Web Application Firewall",
"vendor": "Hillstone Networks",
"versions": [
{
"lessThanOrEqual": "2.8.13",
"status": "affected",
"version": "2.6.7",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-08-26T00:53:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.\u003cp\u003eThis issue affects Hillstone Networks Web Application Firewall: from\u0026nbsp;5.5R6-2.6.7 through 5.5R6-2.8.13.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.This issue affects Hillstone Networks Web Application Firewall: from\u00a05.5R6-2.6.7 through 5.5R6-2.8.13."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T02:19:48.164Z",
"orgId": "2b565742-f273-46f9-b583-07c1fcdea31a",
"shortName": "Hillstone"
},
"references": [
{
"url": "https://www.hillstonenet.com.cn/security-notification/2024/08/21/mlzrld-2/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade the WAF device to version 5.5R6-2.8.14 or higher.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "Upgrade the WAF device to version 5.5R6-2.8.14 or higher."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Command Injection Vulnerability in Hillstone Networks Web Application Firewall",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "If an upgrade is not feasible in the short term, we advise mitigating the risk by configuring a \"Trusted Host Access\" policy.\n\n\u003cbr\u003e"
}
],
"value": "If an upgrade is not feasible in the short term, we advise mitigating the risk by configuring a \"Trusted Host Access\" policy."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b565742-f273-46f9-b583-07c1fcdea31a",
"assignerShortName": "Hillstone",
"cveId": "CVE-2024-8073",
"datePublished": "2024-08-26T02:19:48.164Z",
"dateReserved": "2024-08-22T09:28:58.926Z",
"dateUpdated": "2024-08-27T19:00:27.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8073 (GCVE-0-2024-8073)
Vulnerability from cvelistv5 – Published: 2024-08-26 02:19 – Updated: 2024-08-27 19:00
Title
Command Injection Vulnerability in Hillstone Networks Web Application Firewall
Summary
Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection. This issue affects Hillstone Networks Web Application Firewall: from 5.5R6-2.6.7 through 5.5R6-2.8.13.
Severity ?
9.8 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hillstone Networks | Hillstone Networks Web Application Firewall | Affected: 2.6.7, ≤ 2.8.13 (custom) | ||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hillstonenet:web_application_firewall:5.5r6-2.6.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "web_application_firewall",
"vendor": "hillstonenet",
"versions": [
{
"lessThanOrEqual": "5.5R6-2.8.13",
"status": "affected",
"version": "5.5r6-2.6.7",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8073",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T18:44:24.297231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T19:00:27.959Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"5.5R6"
],
"product": "Hillstone Networks Web Application Firewall",
"vendor": "Hillstone Networks",
"versions": [
{
"lessThanOrEqual": "2.8.13",
"status": "affected",
"version": "2.6.7",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-08-26T00:53:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.\u003cp\u003eThis issue affects Hillstone Networks Web Application Firewall: from\u0026nbsp;5.5R6-2.6.7 through 5.5R6-2.8.13.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.This issue affects Hillstone Networks Web Application Firewall: from\u00a05.5R6-2.6.7 through 5.5R6-2.8.13."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T02:19:48.164Z",
"orgId": "2b565742-f273-46f9-b583-07c1fcdea31a",
"shortName": "Hillstone"
},
"references": [
{
"url": "https://www.hillstonenet.com.cn/security-notification/2024/08/21/mlzrld-2/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade the WAF device to version 5.5R6-2.8.14 or higher.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "Upgrade the WAF device to version 5.5R6-2.8.14 or higher."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Command Injection Vulnerability in Hillstone Networks Web Application Firewall",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "If an upgrade is not feasible in the short term, we advise mitigating the risk by configuring a \"Trusted Host Access\" policy.\n\n\u003cbr\u003e"
}
],
"value": "If an upgrade is not feasible in the short term, we advise mitigating the risk by configuring a \"Trusted Host Access\" policy."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b565742-f273-46f9-b583-07c1fcdea31a",
"assignerShortName": "Hillstone",
"cveId": "CVE-2024-8073",
"datePublished": "2024-08-26T02:19:48.164Z",
"dateReserved": "2024-08-22T09:28:58.926Z",
"dateUpdated": "2024-08-27T19:00:27.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}