OS command injection in Kaa IoT Platform - CVE-2017-7911
Published: May 4, 2017 / Updated: May 4, 2017
Vulnerability identifier: #VU6416
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-7911
CWE-ID: CWE-485
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: CyberVision
Affected software:
Kaa IoT Platform
Detailed vulnerability description
The vulnerability allows a remote authenticated user to execute arbitrary commands on the target system.
The weakness exists due to insufficient encapsulation of malicious data. A remote attacker can create files with custom content, replace files, and inject arbitrary OS commands.
Successful exploitation of the vulnerability results in arbitrary command execution.
How to mitigate CVE-2017-7911
Install the update from the vendor's website.