CVE-2017-17055 Details

CVE-2017-17055

Published: 2017-12-07
Last Modified: 2017-12-21
CVE Author: NIST National Vulnerability Database
CVE Assigner: cve@mitre.org
Summary

Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php.

Analysis
Common Vulnerability Score System v2.0
Severity High
Base Score 8.5/10
Exploit Score 6.8/10
Access Vector Network
Access Complexity Medium
Authentication Single
Impact Score 10/10
Confidentiality Impact Complete
Availability Impact Complete
Integrity Impact Complete
Vector String AV:N/AC:M/Au:S/C:C/I:C/A:C
Common Vulnerability Score System v3.1
Severity Critical
Base Score 9/10
Exploit Score 2.3/10
Access Vector Network
Access Complexity Low
Privileges Required Low
Impact Score 6/10
Confidentiality Impact High
Availability Impact High
Integrity Impact High
Scope Changed
User Interaction Required
Vector String CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Products Reported
CPE Vulnerable Start Excluding
cpe:2.3:a:articatech:artica_proxy:*:*:*:*:*:*:*:* Yes - 3.06.112911
References

http://hyp3rlinx.altervista.org/advisories/ARTICA-WEB-PROXY-v3.06-REMOTE-CODE-EXECUTION-CVE-2017-17055.txt
http://packetstormsecurity.com/files/145183/Artica-Web-Proxy-3.06.112216-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2017/Dec/3
https://www.exploit-db.com/exploits/43206/

CVE ID
CVE-2017-17055
Published
2017-12-07
Modified
2017-12-21
CVSSv2.0
High
CVSSv3.1
Critical
PCI Compliance
Fail
US-CERT Alert
No
CWE
CWE-78

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities.