A vulnerability was found in AppUse 4.0. It has been declared as critical. Affected by this vulnerability is an unknown function. The manipulation of the argument proxy with an unknown input leads to a privilege escalation vulnerability (Shell). The CWE definition for the vulnerability is CWE-269. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
AppUse 4.0 allows shell command injection via a proxy field.
The weakness was disclosed 07/25/2017. This vulnerability is known as CVE-2017-11566 since 07/23/2017. Technical details are known, but no exploit is available. The price for an exploit might be around USD $0-$5k at the moment.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
CVSSv3
VulDB Base Score: ≈5.5
VulDB Temp Score: ≈5.5
VulDB Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X
VulDB Reliability: Low
CVSSv2
VulDB Base Score: ≈4.1 (CVSS2#AV:A/AC:M/Au:S/C:P/I:P/A:P)
VulDB Temp Score: ≈4.1 (CVSS2#E:ND/RL:ND/RC:ND)
VulDB Reliability: Low
CPE
Exploiting
Class: Privilege escalation / Shell (CWE-269)
Local: Yes
Remote: No
Availability: No
Price Prediction: steady
Current Price Estimation:
| 0-Day | $0-$5k | $5k-$25k | $25k-$100k | $100k-$500k |
|---|
| Today | $0-$5k | $5k-$25k | $25k-$100k | $100k-$500k |
|---|
Countermeasures
Recommended: no mitigation known
0-Day Time: 0 days since found
Timeline
07/23/2017 CVE assigned
07/25/2017 +2 days Advisory disclosed
07/26/2017 +1 days VulDB entry created
07/26/2017 +0 days VulDB last update
Sources
CVE: CVE-2017-11566 (mitre.org) (nvd.nist.org) (cvedetails.com)
0 comments:
Post a comment