Wednesday, 26 July 2017
On 01:09 by admin in vulns
A vulnerability was found in AppUse 4.0. It has been declared as critical. Affected by this vulnerability is an unknown function. The manipulation of the argument proxy with an unknown input leads to a privilege escalation vulnerability (Shell). The CWE definition for the vulnerability is CWE-269. As an impact, it is known to affect confidentiality, integrity, and availability. The summary by CVE is: "AppUse 4.0 allows shell command injection via a proxy field."
The weakness was disclosed 07/25/2017. This vulnerability is known as CVE-2017-11566 since 07/23/2017. Technical details are known, but no exploit is available. The price for an exploit might be around USD $0-$5k at the moment.
There is no known information about possible countermeasures. Replacing the affected object with an alternative product may be advisable.
CVSSv3
VulDB Base Score: ≈5.5
VulDB Temp Score: ≈5.5
VulDB Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X
VulDB Reliability: Low
CVSSv2
VulDB Base Score: ≈4.1 (CVSS2#AV:A/AC:M/Au:S/C:P/I:P/A:P)
VulDB Temp Score: ≈4.1 (CVSS2#E:ND/RL:ND/RC:ND)
VulDB Reliability: Low
CPE
- cpe:/a:appuse:appuse:4.0
Exploiting
Class: Privilege escalation / Shell (CWE-269)
Local: Yes
Remote: No
Availability: No
Price Prediction: steady
Current Price Estimation:
0-Day | $0-$5k | $5k-$25k | $25k-$100k | $100k-$500k |
---|---|---|---|---|
Today | $0-$5k | $5k-$25k | $25k-$100k | $100k-$500k |
Countermeasures
Recommended: no mitigation known
0-Day Time: 0 days since found
Timeline
07/23/2017 CVE assigned
07/25/2017 +2 days Advisory disclosed
07/26/2017 +1 days VulDB entry created
07/26/2017 +0 days VulDB last update
Sources
CVE: CVE-2017-11566 (mitre.org) (nvd.nist.org) (cvedetails.com)