exploitDog

CVE-2017-7796

Published: 11 Jun 2018
Source: nvd
CVSS3: 4.7
CVSS2: 3.3
EPSS: Low

File deletion vulnerability during Windows update via an incorrect path to the "update.log" file

Description

On Windows systems, the update logger deletes the file "update.log" before writing a new log with the same name. The path to this file is passed on the command line, which could allow attackers, in combination with another local vulnerability, to delete a different file named "update.log" rather than the intended one.

Affected software versions

  • Firefox on Windows, versions below 55

Vulnerability type

File deletion

Vulnerable configurations

Configuration 1

All of the following

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
ВСрсия Π΄ΠΎ 55.0 (ΠΈΡΠΊΠ»ΡŽΡ‡Π°Ρ)
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Percentile: 18%
0.00057
Low

4.7 Medium

CVSS3

3.3 Low

CVSS2

Weaknesses

CWE-20

Related vulnerabilities

CVSS3: 4.7
ubuntu
more than 7 years ago

On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete a different file named "update.log" instead of the one intended. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Firefox < 55.

CVSS3: 4.7
debian
more than 7 years ago

On Windows systems, the logger run by the Windows updater deletes the ...

CVSS3: 4.7
github
more than 3 years ago

On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete a different file named "update.log" instead of the one intended. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Firefox < 55.
