CVE-2017-9650

Опубликовано: 25 авг. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code.

Ссылки

http://www.securityfocus.com/bid/100452
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01
Mitigation
Third Party Advisory
US Government Resource
https://www.exploit-db.com/exploits/42544/
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/100452
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01
Mitigation
Third Party Advisory
US Government Resource
https://www.exploit-db.com/exploits/42544/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*

Версия до 5.2 (включая)

cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*

Версия до 5.5 (включая)

cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*

Версия до 6.0 (включая)

cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*

Версия до 6.5 (включая)

cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*

Версия до 5.2 (включая)

cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*

Версия до 5.5 (включая)

cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*

Версия до 6.1 (включая)

cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*

Версия до 6.5 (включая)