CVE-2017-17384 (GCVE-0-2017-17384)
Vulnerability from cvelistv5
Published
2017-12-07 08:00
Modified
2024-08-05 20:51
Severity ?
CWE
  • n/a
Summary
ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job.
References
cve@mitre.orghttps://www.ispconfig.org/blog/ispconfig-3-1-9-released-important-security-update/Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ispconfig.org/blog/ispconfig-3-1-9-released-important-security-update/Issue Tracking, Patch, Vendor Advisory
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:51:31.028Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ispconfig.org/blog/ispconfig-3-1-9-released-important-security-update/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-07T07:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ispconfig.org/blog/ispconfig-3-1-9-released-important-security-update/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17384",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ispconfig.org/blog/ispconfig-3-1-9-released-important-security-update/",
              "refsource": "CONFIRM",
              "url": "https://www.ispconfig.org/blog/ispconfig-3-1-9-released-important-security-update/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17384",
    "datePublished": "2017-12-07T08:00:00",
    "dateReserved": "2017-12-04T00:00:00",
    "dateUpdated": "2024-08-05T20:51:31.028Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-17384\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-12-07T08:29:00.223\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job.\"},{\"lang\":\"es\",\"value\":\"Las versiones 3.x de ISPConfig anteriores a la 3.1.9 permiten que usuarios remotos autenticados obtengan acceso root mediante la creaci\u00f3n de un trabajo cron manipulado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB25A272-8550-4177-AF5B-8243C209C9BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"654B0006-9E49-49C7-BA08-FED043C919F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF1F2D5F-0D31-428F-89C9-5665DEA6E7D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.2.2:b1:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE3B442C-458B-43AB-ADC1-695C6746CB24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F0E1A2-66F5-4F49-9676-D27968E0C826\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.3:b1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D82F151B-56E7-4E53-97AD-67AB6F82678D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.3:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BE133D3-E31D-4D86-9927-DF9D388610CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0578B899-4214-4C50-AB54-E2E46E8C3B7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.3.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F975883-EADD-46BE-9F3C-F5173600C4E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.3.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDD1EA7C-0F97-4D22-91B8-913C7CE23BF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0CADD4B-CFD2-4B18-9203-4839B14B5BDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.3.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1220B372-EB56-46F7-A424-8E03610DD69C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E508104E-6611-42CF-866C-C7501B8DAC6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.3.3:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AD721C0-B264-41B3-8525-7C1E19434267\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36B30E68-F7F3-4739-978C-04403942B6D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.4:b1:*:*:*:*:*:*\",\"matchCriteriaId\":\"592ECA84-36B6-4DA3-A203-1ABDC6A92FF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B60D6A69-5C58-4CCC-B9B7-D14956897383\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.4.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1A7EA07-E26C-4245-9870-107595A00568\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.4.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"57A57710-0BDF-4AC1-9573-39ADDC5099B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D44566CD-5451-4398-9303-2A5D5D7EED44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF5B2C25-A23E-45E0-BE5F-A98A887723C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C59EBF7-774A-4A65-B809-CC2032D102F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.4.6:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4553523A-16EE-435D-9C1F-654D26295604\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB98EF2E-2D54-41CA-8CCF-4A96D27FAC26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.5:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE83DD0B-0C6A-4B24-AAE3-7F318FBC5A15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.5:b1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A269AD48-3078-4D71-B636-7DA6BE707B03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.5:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F265805-54AE-41C2-ACC0-853B4D11C1A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.5:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A95965C7-11BA-4691-8DCD-5D1D26157240\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7C1F4F7-B594-453E-863B-2F4A50FFEF90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8055A41-F81A-4E94-9D5C-F14B67B4DE7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2E01827-D853-4EF6-B624-5238028003E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE14FBE1-A644-432B-BD3D-F8A09A497CBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.5.4:b1:*:*:*:*:*:*\",\"matchCriteriaId\":\"27AA0130-E143-4D11-939E-705E0C175A3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.5.4:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB17B921-DFBA-4735-B3AB-96B704EAC92C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.5.4:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE557601-14F3-42DD-8487-50902F4686B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.5.4:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD681B66-C8EB-4304-9B02-310A5693E348\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.5.4:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"88192600-7EA6-4E1B-A7D9-A132753FAC70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.5.4:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCE1C7E3-4771-4E8D-AB2F-DC40D98FAD8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.5.4:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"163D851E-E31E-4E7E-96EB-AAFA482F8E4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.5.4:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CC97E41-8DF3-467A-BBFC-C5887B1A5B33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.5.4:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE933601-92FE-40CD-8E09-4871AB874CC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.5.4:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6DDEA2-AF2B-436C-B33B-30F3F987BDBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.5.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBDCA26A-2072-45BD-874C-8EBC3C2B0899\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.0.5.4:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0342434-F3F8-4FF9-9734-0190E050A834\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F328ACFE-3AD0-4E72-8F0E-66035A815C60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A82B95BC-8335-4D62-9519-7AAECE87761F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.1.1:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"27F7C0BA-A455-4B86-AFEC-BEDD539B628A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"029CB7C5-1E3D-4827-BD13-D868097653AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B3BF948-DE6F-4D62-92EE-8AB37460D82F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D49EE881-A769-4F56-8B74-1C8644FD1CCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69199AD0-CD4B-4537-B230-7BD4B325B08B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"298E737E-F605-42F9-B126-4D722336A6FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15940226-5EFF-4799-8CF6-6488BB359FB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.1.7:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"55213C96-60DD-418A-B148-D8D8132C4143\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B485EAF7-439C-413E-8FB4-5EDA155C5E77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ispconfig:ispconfig:3.1.8:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"72CBEF4C-67F6-47D7-A774-7F38D1BF650E\"}]}]}],\"references\":[{\"url\":\"https://www.ispconfig.org/blog/ispconfig-3-1-9-released-important-security-update/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.ispconfig.org/blog/ispconfig-3-1-9-released-important-security-update/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.