#VU7236 Path traversal in Kaspersky Anti-Virus - CVE-2017-9812

 


Published: June 29, 2017 / Updated: September 14, 2018


Vulnerability identifier: #VU7236
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2017-9812
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software: Kaspersky Anti-Virus
Software vendor: Kaspersky Lab

Description

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a path traversal flaw in the Web Management Console. A remote authenticated attacker can send specially crafted input and view files on the target system with 'kluser' privileges.

Successful exploitation of the vulnerability may result in information disclosure.

Remediation

Update to version 8.0.4.312.

External links