CVE-2017-8051

CRITICAL(10.0)

AV:N/AC:L/Au:N/C:C/I:C/A:C

Risk Signal Score30/100 — MITTEL

CVSS 10 — Kritisch

EPSS-Score

16%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

Technische Schwere

Beschreibung

Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.

Referenzen

http://www.tenable.com/security/tns-2017-07
https://vulndb.cyberriskanalytics.com/153135
https://www.exploit-db.com/exploits/41892/
http://www.tenable.com/security/tns-2017-07
https://vulndb.cyberriskanalytics.com/153135
https://www.exploit-db.com/exploits/41892/