Two vulnerabilities in Acunetix

Published: 2017-05-30 16:46:08
Severity: Low
Patch available: YES
Number of vulnerabilities: 2
CVE ID: N/A
CVSSv3:
  7.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
  7.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CWE ID: CWE-427
Exploitation vector: Local
Public exploit:
  Public exploit code for vulnerability #1 is available.
  Public exploit code for vulnerability #2 is available.
Vulnerable software: Acunetix
Vulnerable software versions:
  Acunetix 11.0.163541031
  Acunetix 11.0
Vendor URL: Acunetix

Security Advisory

1) DLL injection

Description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The weakness exists due to an uncontrolled search path element when loading 'python3.dll' from 'C:\DLLs\'. A local attacker can have a specially crafted DLL file loaded from 'C:\DLLs\' and executed with SYSTEM privileges.

Successful exploitation of the vulnerability may result in full system compromise.

Remediation

Update to version 11.0.170941159.

External links

https://bogner.sh/2017/05/local-privilege-escalation-in-acunetix-11/

2) DLL injection

Description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The weakness exists due to improper access control. A local attacker can use the C:\ProgramData\Acunetix 11 Trial\settings.ini or C:\ProgramData\Acunetix 11 Trial\db\pg_hba.conf file to access the PostgreSQL database server without authentication, cause the database to create a specially crafted DLL file, and execute the file with SYSTEM privileges.

Successful exploitation of the vulnerability may result in full system compromise.

Remediation

Update to version 11.0.170941159.

External links

https://bogner.sh/2017/05/another-local-privilege-escalation-in-acunetix-11/
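
Both issues come down to who may write to the paths named above. The following PowerShell audit is an added example, not code from the advisory or from Acunetix: it lists the access that non-trusted principals hold on those paths. The function name, the trusted-principal list (English account names) and the choice of rights treated as "write" are assumptions.

```powershell
# Added example, not part of the advisory. Lists access that untrusted
# principals hold on the paths the advisory names.
$AdvisoryPaths = @(
    'C:\DLLs',
    'C:\ProgramData\Acunetix 11 Trial\settings.ini',
    'C:\ProgramData\Acunetix 11 Trial\db\pg_hba.conf'
)
# Assumption: these principals are trusted (English names; adjust as needed).
$TrustedPrincipals = @(
    'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller', 'CREATOR OWNER'
)
# Rights that allow creating, replacing or re-permissioning content, plus the
# raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteMask = $WriteMask -bor 0x40000000 -bor 0x10000000

function Get-UntrustedAccess {   # hypothetical helper name
    param(
        [string[]]$Path = $AdvisoryPaths,
        [string[]]$Trusted = $TrustedPrincipals
    )
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
    foreach ($p in $Path) {
        # A missing path can be created by anyone able to write to its nearest
        # existing ancestor, so audit that ancestor instead.
        $target = $p
        while ($target -and -not (Test-Path -LiteralPath $target)) {
            $target = Split-Path -Path $target -Parent
        }
        if (-not $target) { continue }
        foreach ($ace in (Get-Acl -LiteralPath $target).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Inherit-only entries do not apply to $target itself.
            if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
            if ($Trusted -contains $ace.IdentityReference.Value) { continue }
            [pscustomobject]@{
                Requested = $p
                Audited   = $target
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                CanWrite  = (([int]$ace.FileSystemRights -band $WriteMask) -ne 0)
            }
        }
    }
}

Get-UntrustedAccess | Format-Table -AutoSize
```

Rows with CanWrite set to True for a non-administrative identity mark a path that identity can create or modify. Deny entries and group membership are not evaluated.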
