ID CVE-2017-9644
Summary An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges.
References
Vulnerable Configurations
  • cpe:2.3:a:automatedlogic:sitescan_web:5.2:*:*:*:*:*:*:*
    cpe:2.3:a:automatedlogic:sitescan_web:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:automatedlogic:sitescan_web:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:automatedlogic:sitescan_web:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:automatedlogic:sitescan_web:6.1:*:*:*:*:*:*:*
    cpe:2.3:a:automatedlogic:sitescan_web:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:carrier:automatedlogic_webctrl:5.2:*:*:*:*:*:*:*
    cpe:2.3:a:carrier:automatedlogic_webctrl:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:carrier:automatedlogic_webctrl:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:carrier:automatedlogic_webctrl:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:carrier:automatedlogic_webctrl:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:carrier:automatedlogic_webctrl:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:carrier:automatedlogic_webctrl:6.1:*:*:*:*:*:*:*
    cpe:2.3:a:carrier:automatedlogic_webctrl:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:automatedlogic:sitescan_web:6.5:*:*:*:*:*:*:*
    cpe:2.3:a:automatedlogic:sitescan_web:6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:automatedlogic:i-vu:5.2:*:*:*:*:*:*:*
    cpe:2.3:a:automatedlogic:i-vu:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:automatedlogic:i-vu:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:automatedlogic:i-vu:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:automatedlogic:i-vu:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:automatedlogic:i-vu:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:automatedlogic:i-vu:6.5:*:*:*:*:*:*:*
    cpe:2.3:a:automatedlogic:i-vu:6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:carrier:automatedlogic_webctrl:6.5:*:*:*:*:*:*:*
    cpe:2.3:a:carrier:automatedlogic_webctrl:6.5:*:*:*:*:*:*:*
CVSS
Base: 6.9 (as of 27-07-2021 - 19:25)
Impact:
Exploitability:
CWE CWE-428
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 100454
exploit-db 42542
misc https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01
Last major update 27-07-2021 - 19:25
Published 25-08-2017 - 19:29
Last modified 27-07-2021 - 19:25
Back to Top