
CWE-78 Improper Neutralization of Special Elements used in an OS Command (OS Command Injection): vulnerability list (2740)

Summary of the 2740 CVE vulnerabilities associated with the CWE-78 Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) weakness class, with AI-generated Chinese analysis.

CWE-78 is OS command injection, an input-validation flaw. An attacker crafts input containing special characters so that the program concatenates an unintended system command and executes arbitrary code on the server. Developers should not build commands by concatenating user input; instead they should use allowlist filtering, parameterized invocation or safe APIs, so that external data is only ever an argument and never part of the command structure, which blocks the injection path at its root.

MITRE CWE official description
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). The product constructs all or part of an OS command using externally influenced input from an upstream component, but it does not neutralize, or incorrectly neutralizes, special elements that could modify the intended OS command when it is sent to a downstream component.

This weakness can lead to a vulnerability in environments in which the attacker does not have direct access to the operating system, such as in web applications. Alternatively, if the weakness occurs in a privileged program, it could allow the attacker to specify commands that normally would not be accessible, or to call alternate commands with privileges that the attacker does not have. The problem is exacerbated if the compromised process does not follow the principle of least privilege, because the attacker-controlled commands may run with special system privileges that increase the amount of damage.

There are at least two subtypes of OS command injection:

(1) The application intends to execute a single, fixed program that is under its own control. It intends to use externally supplied input as arguments to that program. For example, the program might use system("nslookup [HOSTNAME]") to run nslookup and allow the user to supply a HOSTNAME, which is used as an argument. Attackers cannot prevent nslookup from executing. However, if the program does not remove command separators from the HOSTNAME argument, attackers can place separators into the argument, which allows them to execute their own program after nslookup has finished executing.

(2) The application accepts an input that it uses to fully select which program to run, as well as which commands to use. The application simply redirects this entire command to the operating system. For example, the program might use "exec([COMMAND])" to execute the [COMMAND] supplied by the user. If COMMAND is under attacker control, the attacker can execute arbitrary commands or programs. If the command is executed using functions like exec() and CreateProcess(), the attacker might not be able to combine multiple commands on the same line.

From a weakness standpoint, these variants represent distinct programmer errors. In the first variant, the programmer clearly intends that input from untrusted parties will be part of the arguments of the command to be executed. In the second variant, the programmer does not intend for the command to be accessible to any untrusted party, but the programmer has probably not accounted for alternate ways in which malicious attackers can provide input.
Common Consequences (1)
Scope: Confidentiality, Integrity, Availability, Non-Repudiation · Impact: Execute Unauthorized Code or Commands, DoS: Crash, Exit, or Restart, Read Files or Directories, Modify Files or Directories, Read Application Data, Modify Application Data, Hide Activities
Attackers could execute unauthorized operating system commands, which could then be used to disable the product, or read and modify data for which the attacker does not have permissions to access directly. Since the targeted application is directly executing the commands instead of the attacker, any…
Mitigations (5)
Architecture and Design · If at all possible, use library calls rather than external processes to recreate the desired functionality.
Architecture and Design, Operation · Run the code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software. OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For ex…
Effectiveness: Limited
Architecture and Design · For any data that will be used to generate a command to be executed, keep as much of that data out of external control as possible. For example, in web applications, this may require storing the data locally in the session's state instead of sending it out to the client in a hidden form field.
Architecture and Design · For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
Architecture and Design · Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. For example, consider using the ESAPI Encoding control [REF-45] or a similar tool, library, or framework. These will help the programmer encode outputs in a manner less prone to error.
Code Examples (2)
This example code intends to take the name of a user and list the contents of that user's home directory. It is subject to the first variant of OS command injection.
$userName = $_POST["user"];            // untrusted value taken straight from the request
$command = 'ls -l /home/' . $userName; // concatenated into a shell command string
system($command);                      // run by /bin/sh, so a ';' in $userName starts a second command
Bad · PHP
Attack · ;rm -rf /
The following simple program accepts a filename as a command line argument and displays the contents of the file back to the user. The program is installed setuid root because it is intended for use as a learning tool to allow system administrators in-training to inspect privileged system files without giving them the ability to modify them or damage the system.
#include <stdlib.h>
#include <string.h>
#define CMD_MAX 1024   /* not defined in the original fragment; assumed buffer size */
int main(int argc, char **argv)
{
    char cmd[CMD_MAX] = "/usr/bin/cat ";
    if (argc < 2)
        return 1;          /* added: the original dereferenced argv[1] unconditionally */
    strcat(cmd, argv[1]);  /* argv[1] is appended unescaped (vulnerable by design) */
    system(cmd);           /* runs through /bin/sh, so shell metacharacters are interpreted */
    return 0;
}
Bad · C
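A hardened form of the home-directory listing from the PHP sample, written here as an added C example (it is not MITRE's or this platform's code) that also replaces the strcat/system pattern of the C sample: the user value passes an allowlist check and is then handed to /bin/ls as one element of a fixed argument vector via execv, so no shell ever parses it and the ";rm -rf /" attack string is rejected outright. The /home/<user> layout and the 32-character name limit are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/wait.h>
/* Allowlist check for the "user" value: only [A-Za-z0-9_-], 1..32 chars (assumed
 * policy). ";rm -rf /" and path tricks like "../root" fail here and go no further. */
int is_safe_username(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 32) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!(isalnum(c) || c == '_' || c == '-')) return 0;
    }
    return 1;
}

/* Build a fixed program + argument vector instead of a command string; the
 * user-derived path is a single argv element. Returns 0, or -1 if rejected. */
int build_ls_argv(const char *user, char *path, size_t pathlen, const char *argv[4])
{
    if (!is_safe_username(user)) return -1;
    if (snprintf(path, pathlen, "/home/%s", user) >= (int)pathlen) return -1;
    argv[0] = "/bin/ls"; argv[1] = "-l"; argv[2] = path; argv[3] = NULL;
    return 0;
}

/* Execute with fork/execv: no system(), no /bin/sh, no metacharacter parsing.
 * Returns the child's exit status, or -1 if input was rejected or exec failed. */
int list_home_dir(const char *user)
{
    char path[64]; const char *argv[4];
    if (build_ls_argv(user, path, sizeof path, argv) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execv(argv[0], (char *const *)argv); _exit(127); }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s <user>\n", argv[0]); return 2; }
    int rc = list_home_dir(argv[1]);
    if (rc < 0) fprintf(stderr, "input rejected or exec failed\n");
    return rc < 0 ? 1 : rc;
}
```

For the setuid cat sample the same argv-based execution applies, but note that the allowlist, not execv, is what stops a caller from naming an arbitrary privileged file.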
| CVE ID | Title | Affected product | CVSS | Risk | Published |
|---|---|---|---|---|---|
| CVE-2020-7805 | KT Slim egg IML500 and IML520 OS command injection vulnerability | KT Slim egg IML500 | 9.8 | - | 2020-05-07 |
| CVE-2020-5332 | Dell EMC RSA Archer OS command injection vulnerability | RSA Archer | 7.2 | High | 2020-05-04 |
| CVE-2020-7351 | NetFortris Fonality Trixbox endpoint_devicemap.php component OS command injection vulnerability | Trixbox Community Edition | 7.3 | High | 2020-05-01 |
| CVE-2020-11016 | IntelMQ Manager Monitor component OS command injection vulnerability | IntelMQ Manager | 9.1 | Critical | 2020-04-30 |
| CVE-2020-7804 | HANDYSOFT Handy Groupware OS command injection vulnerability | HandySoft Groupware (HShell.dll) for Windows 7, 8, 10 | 6.4 | Medium | 2020-04-29 |
| CVE-2020-7350 | Rapid7 Metasploit Framework libnotify plugin OS command injection vulnerability | Metasploit Framework | 6.1 | Medium | 2020-04-22 |
| CVE-2020-5350 | Dell EMC Integrated Data Protection Appliance OS command injection vulnerability | Integrated Data Protection Appliance | 7.9 | High | 2020-04-15 |
| CVE-2020-10603 | Advantech WebAccess/NMS OS command injection vulnerability | WebAccess/NMS | 9.8 | - | 2020-04-09 |
| CVE-2020-10886 | TP-Link Archer A7 AC1750 OS command injection vulnerability | Archer A7 | 9.8 | - | 2020-03-25 |
| CVE-2020-10882 | TP-Link Archer A7 AC1750 OS command injection vulnerability | Archer A7 | 8.8 | - | 2020-03-25 |
| CVE-2020-5282 | Nick Chan Bot OS command injection vulnerability | nickchanbot | 7.2 | High | 2020-03-25 |
| CVE-2020-9054 | Multiple ZyXEL products OS command injection vulnerability | NAS326 | 9.8 | - | 2020-03-04 |
| CVE-2020-1734 | Ansible pipe lookup plugin OS command injection vulnerability | Ansible | 7.4 | High | 2020-03-03 |
| CVE-2020-3167 | Cisco FXOS Software and Cisco UCS Manager Software OS command injection vulnerability | Cisco Adaptive Security Appliance (ASA) Software | 7.8 | - | 2020-02-26 |
| CVE-2020-3169 | Cisco Firepower 4100 Series and Firepower 9300 Security Appliances FXOS Software OS command injection vulnerability | Cisco Firepower Extensible Operating System (FXOS) | 6.7 | - | 2020-02-26 |
| CVE-2020-3171 | Cisco FXOS Software and Cisco UCS Manager OS command injection vulnerability | Cisco Adaptive Security Appliance (ASA) Software | 7.8 | - | 2020-02-26 |
| CVE-2020-3173 | Cisco UCS Manager Software OS command injection vulnerability | Cisco Unified Computing System (Managed) | 7.8 | - | 2020-02-26 |
| CVE-2019-5138 | Moxa AWK-3131A OS command injection vulnerability | Moxa | 9.9 | - | 2020-02-25 |
| CVE-2019-5142 | Moxa AWK-3131A OS command injection vulnerability | Moxa | 7.2 | - | 2020-02-25 |
| CVE-2019-5141 | Moxa AWK-3131A OS command injection vulnerability | Moxa | 8.8 | - | 2020-02-25 |
| CVE-2019-5140 | Moxa AWK-3131A OS command injection vulnerability | Moxa | 8.8 | - | 2020-02-25 |
| CVE-2020-8130 | Ruby Rake OS command injection vulnerability | https://github.com/ruby/ruby | 6.4 | - | 2020-02-24 |
| CVE-2020-8858 | Moxa MGate 5105-MB-EIP OS command injection vulnerability | MGate 5105-MB-EIP | 8.8 | - | 2020-02-13 |
| CVE-2019-17096 | Bitdefender BOX OS command injection vulnerability | Bitdefender BOX 2 | 9.0 | Critical | 2020-01-28 |
| CVE-2019-17095 | Bitdefender BOX OS command injection vulnerability | Bitdefender BOX 2 | 8.1 | High | 2020-01-27 |
| CVE-2019-10958 | Multiple Geutebrück products OS command injection vulnerability | Geutebruck IP Cameras | 7.2 | - | 2020-01-17 |
| CVE-2019-10956 | Multiple Geutebrück products OS command injection vulnerability | Geutebruck IP Cameras | 7.2 | - | 2020-01-17 |
| CVE-2019-15978 | Cisco Data Center Network Manager OS command injection vulnerability | Cisco Data Center Network Manager | 7.2 | - | 2020-01-06 |
| CVE-2019-15979 | Cisco Data Center Network Manager OS command injection vulnerability | Cisco Data Center Network Manager | 7.2 | - | 2020-01-06 |
| CVE-2019-16790 | Tiny File Manager code issue vulnerability | Tiny File Manager | 6.5 | Medium | 2019-12-30 |

CWE-78 (Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)) is a common weakness class; this platform has collected 2740 CVE vulnerabilities associated with it.