Main Vulnerability Database Exploits ID:1255 - Exploit for Path traversal in Kaspersky Anti-Virus - CVE-2017-9812

ID:1255 - Exploit for Path traversal in Kaspersky Anti-Virus - CVE-2017-9812

Published: March 18, 2020

Vulnerability identifier: #VU7236

Vulnerability risk: Low

CVE-ID: CVE-2017-9812

CWE-ID: CWE-22

Exploitation vector: Remote access

Vulnerable software:
Kaspersky Anti-Virus

Link to public exploit:

https://www.exploit-db.com/exploits/42269/

Vulnerability description

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a path traversal flaw in the Web Management Console. A remote attacker can send a specially crafted input and view files on the target system with the 'kluser' privileges.

Successful exploitation of the vulnerability may result in information disclosure.

Remediation

Update to version 8.0.4.312.

ID:1255 - Exploit for Path traversal in Kaspersky Anti-Virus - CVE-2017-9812

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human