VIR Vulnerability Intelligence Relay

CVE-2012-2104

medium
Published 2012-08-26 · Modified 2026-04-29
CVSS v3
CVSS v2
6.8
VIR risk
6.8

Description

cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-2104

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed2.0~rc6-1
debian debianbullseyefixed2.0~rc6-1
debian debianforkyfixed2.0~rc6-1
debian debiansidfixed2.0~rc6-1
debian debiantrixiefixed2.0~rc6-1

Application impact
VendorProductVersionsFixed
munin-monitoringmunin2.0
munin-monitoringmunin2.1

References

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.