#VU17395 Privilege escalation in Carousel
Published: 2019-02-06

Vulnerability identifier: #VU17395

Vulnerability risk: Low

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2018-18931

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software: Carousel
Software category: Web applications / Remote management & hosting panels

Vendor: Tightrope

Description
The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to an arbitrary file upload. A remote attacker can use it to make the SMB port available to remote systems, authenticate over SMB (for example with Metasploit) and gain full control of the system with administrator privileges.

Mitigation
A patch will be available on February 8.

Vulnerable software versions

Carousel: 7.0.0 - 7.0.4.104
External links
http://www.drewgreen.net/vulnerabilities-in-tightrope-media-systems-carousel/
Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.