PT-2018-8566 · Juniper Networks · Appformix
Publicado
2018-02-22
·
Atualizado
2019-10-03
·
CVE-2018-0015
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
AppFormix versions prior to 2.7.3
AppFormix versions 2.11 prior to 2.11.3
AppFormix versions 2.15 prior to 2.15.2
Description:
A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. The AppFormix Agent exposes the debug console on a host where AppFormix Agent is executing, allowing an attacker to access the debug console and execute Python commands with root privilege. This issue has been seen in a production network, but there is no known case of malicious exploitation.
Recommendations:
For AppFormix versions prior to 2.7.3, update to version 2.7.3 or later.
For AppFormix versions 2.11 prior to 2.11.3, update to version 2.11.3 or later.
For AppFormix versions 2.15 prior to 2.15.2, update to version 2.15.2 or later.
Correção
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Appformix