CVE-2017-9644

Опубликовано: 25 авг. 2017

Источник: nvd

CVSS3: 7

CVSS2: 6.9

EPSS Низкий

Описание

An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges.

Ссылки

http://www.securityfocus.com/bid/100454
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01
Mitigation
Third Party Advisory
US Government Resource
https://www.exploit-db.com/exploits/42542/
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/100454
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01
Mitigation
Third Party Advisory
US Government Resource
https://www.exploit-db.com/exploits/42542/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*

Версия до 5.2 (включая)

cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*

Версия до 5.5 (включая)

cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*

Версия до 6.0 (включая)

cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*

Версия до 6.5 (включая)

cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*

Версия до 5.2 (включая)

cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*

Версия до 5.5 (включая)

cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*

Версия до 6.1 (включая)

cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*

Версия до 6.5 (включая)