
CVE-2018-16461: Command Injection in libnmap

CVSS Score: 10

Basic Information

EPSS Score: 0.80205%
Published: 11/1/2018
Updated: 9/7/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Package Name: libnmap
Ecosystem: npm
Vulnerable Versions: < 0.4.16
First Patched Version: 0.4.16

Vulnerability Intelligence
Root Cause Analysis

The key vulnerability stemmed from the improper order of the regex validation call within the validation class. The patch shows a critical reversal from 'opts.ports.match(regex)' to 'regex.match(opts.ports)', indicating the original pattern allowed user input to be treated as executable regex. This function processes user-supplied ports/range parameters that are used directly in nmap command construction, making it the injection vector. The POC's $(command) syntax would be interpreted during this validation phase when constructing system commands.
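A defensive sketch of the point above, added here as an example and not taken from libnmap or its patch: the `range` and `ports` options are checked against anchored allow-list patterns and returned as an argument array instead of a command string. The function names and the accepted target syntax (hostnames, IPv4, CIDR, last-octet ranges; no IPv6) are assumptions of this example.

```javascript
// Added example; validateTarget, validatePorts and buildNmapArgs are hypothetical
// names, not part of the libnmap API.

// One DNS label / IPv4 octet: starts and ends alphanumeric, so a value can never
// begin with '-' (option injection) or contain $ ( ) ; | ` or whitespace.
const LABEL = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?';
// Labels joined by dots, with an optional /prefix suffix (e.g. 10.0.0.0/24).
const TARGET_RE = new RegExp(`^${LABEL}(?:\\.${LABEL})*(?:/\\d{1,3})?$`);
// Comma-separated ports or port ranges, e.g. "22,80-443".
const PORTS_RE = /^\d{1,5}(?:-\d{1,5})?(?:,\d{1,5}(?:-\d{1,5})?)*$/;

function validateTarget(target) {
  // The pattern is applied to the input (pattern.test(input)); the input is
  // never used as a pattern itself.
  return typeof target === 'string' && target.length <= 253 && TARGET_RE.test(target);
}

function validatePorts(ports) {
  if (typeof ports !== 'string' || !PORTS_RE.test(ports)) return false;
  return ports.split(/[,-]/).every((n) => Number(n) <= 65535);
}

// Returns an argv array. Passing it to child_process.execFile('nmap', args)
// starts nmap without a shell, so $(...) is not expanded even if a bad value
// were to get past validation.
function buildNmapArgs(opts) {
  const range = Array.isArray(opts.range) ? opts.range : [];
  if (range.length === 0) throw new Error('range must be a non-empty array');
  const rejected = range.filter((t) => !validateTarget(t));
  if (rejected.length > 0) {
    throw new Error('rejected target(s): ' + JSON.stringify(rejected));
  }
  const args = [];
  if (opts.ports !== undefined) {
    if (!validatePorts(opts.ports)) {
      throw new Error('rejected ports: ' + JSON.stringify(opts.ports));
    }
    args.push('-p', opts.ports);
  }
  args.push(...range);
  return args;
}
```
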


WAF Protection Rules

WAF Rule

Versions of `libnmap` before 0.4.16 are vulnerable to command injection. Proof of concept ```js const nmap = require('libnmap'); const opts = { range: [ 'scanme.nmap.org', "x.x.$(touch success.txt)" ] }; nmap.scan(opts, fun
