Privilege escalation in OTRS - CVE-2017-16664
Published: November 27, 2017
Vulnerability identifier: #VU9423
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Amber
CVE-ID: CVE-2017-16664
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: otrs.org
Affected software:
OTRS
OTRS
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.
The weakness exists due to insufficient security checks in the recovery procedure. A remote attacker who is logged into OTRS as an agent can request special URLs from OTRS and execute arbitrary shell commands with the permissions of the web server user.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to insufficient security checks in the recovery procedure. A remote attacker who is logged into OTRS as an agent can request special URLs from OTRS and execute arbitrary shell commands with the permissions of the web server user.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2017-16664
Update to version 3.3.20, 4.0.26 or 5.0.24.