Command injection in Xplico - CVE-2017-16666
Published: January 23, 2018 / Updated: June 17, 2021
Vulnerability identifier: #VU10154
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2017-16666
CWE-ID: CWE-77
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Xplico
Affected software:
Xplico
Xplico
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to execute arbitrary commands on the targeted system.
The weakness exists due to improper security restrictions imposed by the affected software. A remote attacker can submit a specially crafted packet capture (PCAP) file, inject and execute arbitrary commands with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to improper security restrictions imposed by the affected software. A remote attacker can submit a specially crafted packet capture (PCAP) file, inject and execute arbitrary commands with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2017-16666
Update to version 1.2.1.