What is CVE-2011-10017?

CVE-2011-10017 is a vulnerability in Symmetrix Technologies Snort Report, classified under OS Command Injection. Published 2025-08-13.

Is CVE-2011-10017 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Symmetrix Technologies Snort Report

CVE-2011-10017

Snort Report versions < 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject a…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.635 (98.4th percentile) — read the EPSS interpretation.

Affected products

Symmetrix Technologies Snort Report — versions 0

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/m… (exploit)
www.exploit-db.com/exploits/17947 (exploit)
web.archive.org/web/20111003093911/http://www.symmetrixtech.com/articles/news-0… (vendor-advisory, patch)
www.vulncheck.com/advisories/snort-report-rce (third-party-advisory)

Frequently asked questions

What is CVE-2011-10017?: CVE-2011-10017 is a vulnerability in Symmetrix Technologies Snort Report, classified under OS Command Injection. Published 2025-08-13.
Is CVE-2011-10017 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.