CVE-2018-1000500
Description
Busybox contains a Missing SSL certificate validation vulnerability in The busybox wget applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using busybox wget https://compromised-domain.com/important-file.
Risk Information
Base Score
8.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.559
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Tiny utilities for small and embedded systems (USN-4531-1) busybox_1.27.2-2ubuntu3.3_i386.deb | Linux |
| Tiny utilities for small and embedded systems (USN-4531-1) busybox_1.27.2-2ubuntu3.3_amd64.deb | Linux |
| Tiny utilities for small and embedded systems (USN-4531-1) busybox_1.30.1-4ubuntu6.2_i386.deb | Linux |
| Tiny utilities for small and embedded systems (USN-4531-1) busybox_1.30.1-4ubuntu6.2_amd64.deb | Linux |
| SUSE-SU-2022:4253-1(SUSE Linux Enterprise Server 12-SP5 ) busybox-1.35.0-4.3.1.x86_64.rpm | Linux |
| SUSE-SU-2022:3959-1(SUSE Linux Enterprise Module for Basesystem 15-SP4 ) busybox-static-1.35.0-150400.3.3.1.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234