PT-2017-2607 · U.Motion · U.Motion Builder

Published

2017-06-27

Updated

2019-10-03

CVE-2017-9959

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions U.motion Builder versions 1.2.1 and prior

Description A vulnerability exists in the system where it accepts reboot in session from unauthenticated users, supporting a denial of service condition. The issue is caused by an access control error, which can be exploited by a local attacker to cause a denial of service by restarting the session.

Recommendations For U.motion Builder versions 1.2.1 and prior, consider restricting access to the system to prevent unauthenticated users from rebooting the session until a fix is available. As a temporary workaround, restrict the ability for unauthenticated users to interact with the system to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-730

Related Identifiers

BDU:2017-01825

CVE-2017-9959

Affected Products

U.Motion Builder

PT-2017-2607 · U.Motion · U.Motion Builder

CVE-2017-9959

Weakness Enumeration

Related Identifiers

Affected Products

References · 8