CVE-2017-9812

Name of the Vulnerable Software and Affected Versions Kaspersky Anti-Virus for Linux File Server versions prior to 8.0.4.312

Description The issue is related to the reportId parameter of the getReportStatus action method in the web interface, which can be exploited to read arbitrary files with kluser privileges. This is due to a lack of protection for service data. The exploitation of this issue may allow a remote attacker to read arbitrary files.

Recommendations For versions prior to 8.0.4.312, update to version 8.0.4.312 or later to resolve the issue. As a temporary workaround, consider restricting access to the getReportStatus action method to minimize the risk of exploitation. Avoid using the reportId parameter in the affected API endpoint until the issue is resolved.