CVE-2012-0262

critical

Published 2013-12-31 · Modified 2026-04-29

CVSS v3

—

CVSS v2

10.0

VIR risk

10.0

Description

op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://secunia.com/advisories/47417

Application impact

Vendor	Product	Versions
op5	monitor	`{"endIncluding":"5.5.1"}`
op5	monitor	`5.3.5`
op5	monitor	`5.4.0`
op5	monitor	`5.4.2`
op5	monitor	`5.5.0`
op5	system-op5config	`{"endIncluding":"2.0.2"}`

References

http://seclists.org/fulldisclosure/2012/Jan/62
http://secunia.com/advisories/47417
http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf
http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/
http://www.osvdb.org/78065
https://bugs.op5.com/view.php?id=5094
http://seclists.org/fulldisclosure/2012/Jan/62
http://secunia.com/advisories/47417
http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf
http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/
http://www.osvdb.org/78065
https://bugs.op5.com/view.php?id=5094

CWEs

CWE-94

Verify integrity in audit chain (admin only). AS-IS.