#VU7998 Privilege escalation in Automated Logic Corporation products - CVE-2017-9650
Published: August 23, 2017 / Updated: September 14, 2018
Vulnerability identifier: #VU7998
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/U:Amber
CVE-ID: CVE-2017-9650
CWE-ID: CWE-434
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
WebCTRL
i-Vu
SiteScan Web
Software vendor:
Automated Logic Corporation
Description
The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.
The weakness exists due to unrestricted upload of files with dangerous types. A remote attacker can upload malicious files and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install updates from the vendor's website.