Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
The network protocol of Blade Shadow though 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data can be injected into the unencrypted UDP packet stream.
AnalysisAI
The network protocol of Blade Shadow though 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Technical ContextAI
The network protocol of Blade Shadow though 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data can be injected into the unencrypted UDP packet stream. Affected products include: Blade-Group Shadow.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the a
An issue was discovered in shadow 4.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no
Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. Rated high severi
Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger
Share
External POC / Exploit Code
Leaving vuln.today