Privilege escalation in Automated Logic Corporation products - CVE-2017-9650
Published: August 23, 2017 / Updated: September 14, 2018
Vulnerability identifier: #VU7998
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/U:Amber
CVE-ID: CVE-2017-9650
CWE-ID: CWE-434
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vendor: Automated Logic Corporation
Affected software:
WebCTRL
i-Vu
SiteScan Web
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.
The weakness exists due to unrestricted upload of files with dangerous types. A remote attacker can upload malicious files and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2017-9650
Install updates from the vendor's website.