CVE-2017-14705
CVSS V2 High 9.3
CVSS V3 High 8.1
Description
DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by exploiting CVE-2017-14706. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.
Overview
- CVE ID
- CVE-2017-14705
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2017-09-22T18:29:00
- Last Modified Date
- 2019-10-03T00:03:26
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:denyall:i-suite:5.5.0:*:*:*:lts:*:*:* | 1 | OR | ||
| cpe:2.3:a:denyall:i-suite:5.5.9:*:*:*:lts:*:*:* | 1 | OR | ||
| cpe:2.3:a:denyall:i-suite:5.5.10:*:*:*:lts:*:*:* | 1 | OR | ||
| cpe:2.3:a:denyall:i-suite:5.5.11:*:*:*:lts:*:*:* | 1 | OR | ||
| cpe:2.3:a:denyall:i-suite:5.5.12:*:*:*:lts:*:*:* | 1 | OR | ||
| cpe:2.3:a:denyall:i-suite:5.6.0:*:*:*:lts:*:*:* | 1 | OR | ||
| cpe:2.3:a:denyall:web_application_firewall:5.7.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:denyall:web_application_firewall:6.0.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:denyall:web_application_firewall:6.1.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:denyall:web_application_firewall:6.2.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:denyall:web_application_firewall:6.3.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:denyall:web_application_firewall:6.4.0:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:M/Au:N/C:C/I:C/A:C
- Access Vector
- NETWORK
- Access Compatibility
- MEDIUM
- Authentication
- NONE
- Confidentiality Impact
- COMPLETE
- Integrity Impact
- COMPLETE
- Availability Impact
- COMPLETE
- Base Score
- 9.3
- Severity
- HIGH
- Exploitability Score
- 8.6
- Impact Score
- 10
CVSS Version 3
- Version
- 3.0
- Vector String
- CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Attack Vector
- NETWORK
- Attack Compatibility
- HIGH
- Privileges Required
- NONE
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- HIGH
- Base Score
- 8.1
- Base Severity
- HIGH
- Exploitability Score
- 2.2
- Impact Score
- 5.9
References
| Reference URL | Reference Tags |
|---|---|
| https://www.denyall.com/blog/advisories/advisory-unauthenticated-remote-code-execution-denyall-web-application-firewall/ | Vendor Advisory |
| https://pentest.blog/advisory-denyall-web-application-firewall-unauthenticated-remote-code-execution/ | Exploit Technical Description Third Party Advisory |
| https://github.com/rapid7/metasploit-framework/pull/8980 | Exploit Third Party Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2017-14705 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14705 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 17:22:49 | Added to TrackCVE | |||
| 2022-12-02 21:19:41 | 2017-09-22T18:29Z | 2017-09-22T18:29:00 | CVE Published Date | updated |
| 2022-12-02 21:19:41 | 2019-10-03T00:03:26 | CVE Modified Date | updated | |
| 2022-12-02 21:19:41 | Analyzed | Vulnerability Status | updated |