Thursday, 22 June 2017

On 05:52 by admin in    No comments
A vulnerability was found in OpenWebif Plugin up to 1.2.4 on E2. It has been classified as critical. This affects the function eval() of the file plugin/controllers/models/config.py. The manipulation of the argument key as part of a GET Parameter leads to a privilege escalation vulnerability (command). CWE is classifying the issue as CWE-269. This is going to have an impact on confidentiality, integrity, and availability.

The weakness was released 06/22/2017 (GitHub Repository). The advisory is shared for download at github.com. This vulnerability is uniquely identified as CVE-2017-9807 since 06/21/2017. Technical details are known, but no exploit is available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 06/22/2017).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

CVSSv3

VulDB Base Score≈5.5
VulDB Temp Score≈5.1
VulDB VectorCVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:U
VulDB Reliability: Low

CVSSv2

VulDB Base Score≈4.1 (CVSS2#AV:A/AC:M/Au:S/C:P/I:P/A:P)
VulDB Temp Score≈3.7 (CVSS2#E:ND/RL:ND/RC:UC)
VulDB Reliability: Low

CPE

  • cpe:/a:openwebif_plugin:openwebif_plugin:1.2.0
  • cpe:/a:openwebif_plugin:openwebif_plugin:1.2.1
  • cpe:/a:openwebif_plugin:openwebif_plugin:1.2.2
  • cpe:/a:openwebif_plugin:openwebif_plugin:1.2.3
  • cpe:/a:openwebif_plugin:openwebif_plugin:1.2.4

Exploiting

Class: Privilege escalation / Command (CWE-269)
Local: Yes
Remote: No

Availability: No

Price Prediction: steady
Current Price Estimation

0-Day$0-$5k$5k-$25k$25k-$100k$100k-$500k
Today$0-$5k$5k-$25k$25k-$100k$100k-$500k
Countermeasures
Recommended: no mitigation known
0-Day Time: 0 days since found

Timeline

06/21/2017   CVE assigned
06/22/2017  +1 days Advisory disclosed
06/22/2017  +0 days VulDB entry created
06/22/2017  +0 days VulDB last update

Sources

Advisorygithub.com
Status: Unconfirmed

CVE: CVE-2017-9807 (mitre.org) (nvd.nist.org) (cvedetails.com)


0 comments:

Post a comment