SB2017112126 - Privilege escalation in Open Ticket Request System
Published: November 21, 2017 Updated: November 27, 2017
Security Bulletin ID
SB2017112126
CSH Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Privilege escalation (CVE-ID: CVE-2017-16664)
CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Amber
The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.
The weakness exists due to insufficient security checks in the recovery procedure. A remote attacker who is logged into OTRS as an agent can request special URLs from OTRS and execute arbitrary shell commands with the permissions of the web server user.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install update from vendor's website.