CVE-2017-15643

CVSS V2 High 7.6 CVSS V3 High 7.4
Description
An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. IKARUS AV for Windows uses cleartext HTTP for updates along with a CRC32 checksum and an update value for verification of the downloaded files. The attacker first forces the client to initiate an update transaction by modifying an update field within an HTTP 200 response, so that it refers to a nonexistent update. The attacker then modifies the HTTP 404 response so that it specifies a successfully found update, with a Trojan horse executable file (e.g., guardxup.exe) and the correct CRC32 checksum for that file.
Overview
  • CVE ID
  • CVE-2017-15643
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2017-10-19T22:29:00
  • Last Modified Date
  • 2017-11-14T18:56:07
Weakness Enumerations
CWE URL
CWE-444 http://cwe.mitre.org/data/definitions/444.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:ikarussecurity:ikarus_antivirus:2.16.7:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:H/Au:N/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • HIGH
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 7.6
  • Severity
  • HIGH
  • Exploitability Score
  • 4.9
  • Impact Score
  • 10
CVSS Version 3
  • Version
  • 3.0
  • Vector String
  • CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • LOCAL
  • Attack Compatibility
  • HIGH
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 7.4
  • Base Severity
  • HIGH
  • Exploitability Score
  • 1.4
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://www.ikarussecurity.com/about-ikarus/security-blog/vulnerability-in-windows-antivirus-products-ik-sa-2017-0001/ Vendor Advisory
https://blogs.securiteam.com/index.php/archives/3485 Exploit Technical Description Third Party Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2017-15643
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15643
History
Created Old Value New Value Data Type Notes
2022-05-10 08:11:39 Added to TrackCVE
2022-12-02 22:17:50 2017-10-19T22:29Z 2017-10-19T22:29:00 CVE Published Date updated
2022-12-02 22:17:50 2017-11-14T18:56:07 CVE Modified Date updated
2022-12-02 22:17:50 Analyzed Vulnerability Status updated