PT-2018-8566 · Juniper Networks · Appformix
Published
2018-02-22
·
Updated
2019-10-03
·
CVE-2018-0015
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
AppFormix versions prior to 2.7.3
AppFormix versions 2.11 prior to 2.11.3
AppFormix versions 2.15 prior to 2.15.2
Description:
A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. The AppFormix Agent exposes the debug console on a host where AppFormix Agent is executing, allowing an attacker to access the debug console and execute Python commands with root privilege. This issue has been seen in a production network, but there is no known case of malicious exploitation.
Recommendations:
For AppFormix versions prior to 2.7.3, update to version 2.7.3 or later.
For AppFormix versions 2.11 prior to 2.11.3, update to version 2.11.3 or later.
For AppFormix versions 2.15 prior to 2.15.2, update to version 2.15.2 or later.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Appformix