SB2017050406 - Command injection in CyberVision Kaa IoT Platform




Published: May 4, 2017

Security Bulletin ID: SB2017050406
CSH Severity: Low
Patch available: NO
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) OS command injection (CVE-ID: CVE-2017-7911)

The vulnerability allows a remote authenticated user to execute arbitrary commands on the target system.

The weakness exists due to insufficient encapsulation of malicious data. A remote attacker can create files with custom content, replace files, and inject arbitrary OS commands.

Successful exploitation of the vulnerability results in arbitrary command execution.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.