Main Vulnerability Database Vulnerabilities #VU9436

Authentication bypass in RSA Authentication Agent - CVE-2017-14377

Published: November 29, 2017

Vulnerability identifier: #VU9436

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-14377

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Dell

Affected software:
RSA Authentication Agent

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass authentication on the target system.

The weakness exists in RSA Authentication Agent for Web for Apache Web Server due to input validation flaw. A remote attacker can supply specially crafted data and gain access to resources ostensibly protected by the target agent.

How to mitigate CVE-2017-14377

Install update from vendor's website (8.0.1 Build 618).

Sources

http://seclists.org/fulldisclosure/2017/Nov/46

Authentication bypass in RSA Authentication Agent - CVE-2017-14377

Detailed vulnerability description

How to mitigate CVE-2017-14377

Sources

Please verify you're human