Main Vulnerability Database Exploits ID:2301 - Exploit for Improper Authentication in DotNetNuke - CVE-2017-9822

ID:2301 - Exploit for Improper Authentication in DotNetNuke - CVE-2017-9822

Published: April 7, 2020

Vulnerability identifier: #VU26548

Vulnerability risk: High

CVE-ID: CVE-2017-9822

CWE-ID: CWE-287

Exploitation vector: Remote access

Vulnerable software:
DotNetNuke

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/windows/http/dnn_cookie_deserialization_rce

Vulnerability description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to application uses cookies in an insecure way. A remote attacker can decode the cookie and use information from the cookie to impersonate other web application users and gain full access to the web application.

Successful exploitation of the vulnerability may allow an attacker to gain administrative access to the application and compromise it.

Remediation

Install updates from vendor's website.

ID:2301 - Exploit for Improper Authentication in DotNetNuke - CVE-2017-9822

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human