Lucene search

MitreCVE-2017-14537

HistoryFeb 16, 2018 - 4:29 a.m.

CVE-2017-14537

2018-02-1604:29:00

CWE-22

mitre

web.nvd.nist.gov

trixbox

2.8.0.4

path traversal

xajaxargs

parameter

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.01

Percentile

83.7%

JSON

trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.

Affected configurations

Nvd

Node

netfortristrixboxMatch2.8.0.4

VendorProductVersionCPE
netfortristrixbox2.8.0.4cpe:2.3:a:netfortris:trixbox:2.8.0.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netfortris	trixbox	2.8.0.4	cpe:2.3:a:netfortris:trixbox:2.8.0.4:::::::*

References

packetstormsecurity.com/files/162853/Trixbox-2.8.0.4-Path-Traversal.html

www.securityfocus.com/bid/103007

github.com/Hacker5preme/Exploits/tree/main/CVE-2017-14537-Exploit

secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.01

Percentile

83.7%

JSON

Related for CVE-2017-14537