#VU37598 Format string error in Enterprise Manager - CVE-2017-17407


Updated: 2020-08-08

Vulnerability identifier: #VU37598

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-17407

CWE-ID: CWE-134

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Enterprise Manager
Client/Desktop applications / Other client software

Vendor: F5 Networks

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager v7.2.699 build 1001. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the content parameter provided to the script_test.jsp endpoint. A crafted content request parameter can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code under the context of the web service. Was ZDI-CAN-5080.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Enterprise Manager: 7.2.699


External links
https://zerodayinitiative.com/advisories/ZDI-17-954


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

