CWE-77 – Improper Neutralization of Special Elements used in a Command (‘Command Injection’)

Read Time:1 Minute, 17 Second

Description

The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit: High

 

Related Weaknesses

CWE-74
CWE-74

 

Consequences

Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands

If a malicious user injects a character (such as a semi-colon) that delimits the end of one command and the beginning of another, it may be possible to then insert an entirely new and unrelated command that was not intended to be executed.

 

Potential Mitigations

Phase: Architecture and Design

Effectiveness:

Description: 

If at all possible, use library calls rather than external processes to recreate the desired functionality.

Phase: Implementation

Effectiveness:

Description: 

If possible, ensure that all external commands called from the program are statically created.

Phase: Implementation

Effectiveness:

Description: 

Phase: Operation

Effectiveness:

Description: 

Run time: Run time policy enforcement may be used in an allowlist fashion to prevent use of any non-sanctioned commands.

Phase: System Configuration

Effectiveness:

Description: 

Assign permissions to the software system that prevents the user from accessing/opening privileged files.

CVE References

 

  • CVE-1999-0067
    • Canonical example of OS command injection. CGI program does not neutralize “|” metacharacter when invoking a phonebook program.
  • CVE-2019-12921
    • image program allows injection of commands in “Magick Vector Graphics (MVG)” language.
  • CVE-2020-11698
    • anti-spam product allows injection of SNMP commands into confiuration file