#VU6550 Command injection in SenNet Data Logger - CVE-2017-6048
Published: May 16, 2017 / Updated: September 14, 2018
Vulnerability identifier: #VU6550
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2017-6048
CWE-ID: CWE-77
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
SenNet Data Logger
SenNet Data Logger
Software vendor:
Satel Iberia
Satel Iberia
Description
The vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on a targeted system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can break out the jailed shell, gain elevated privileges and execute arbitrary commands on the system.
Successful exploitation of the vulnerability may result in full system compromise.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can break out the jailed shell, gain elevated privileges and execute arbitrary commands on the system.
Successful exploitation of the vulnerability may result in full system compromise.
Remediation
Install update from vendor's website.