Main Vulnerability Database Vulnerabilities #VU7236

Path traversal in Kaspersky Anti-Virus - CVE-2017-9812

Published: June 29, 2017 / Updated: September 14, 2018

Vulnerability identifier: #VU7236

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2017-9812

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vendor: Kaspersky Lab

Affected software:
Kaspersky Anti-Virus

Detailed vulnerability description

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a path traversal flaw in the Web Management Console. A remote attacker can send a specially crafted input and view files on the target system with the 'kluser' privileges.

Successful exploitation of the vulnerability may result in information disclosure.

How to mitigate CVE-2017-9812

Update to version 8.0.4.312.

Sources

https://support.kaspersky.com/vulnerability.aspx?el=12430#280617

Path traversal in Kaspersky Anti-Virus - CVE-2017-9812

Detailed vulnerability description

How to mitigate CVE-2017-9812

Sources

Please verify you're human