CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-16608

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4749.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.224

EPSS Ranking 95.5%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://www.tenable.com/security/research/tra-2018-02
https://zerodayinitiative.com/advisories/ZDI-17-950
https://www.tenable.com/security/research/tra-2018-02
https://zerodayinitiative.com/advisories/ZDI-17-950

Products affected by CVE-2017-16608

Netgain-Systems » Enterprise Manager » Version: 7.2.699

cpe:2.3:a:netgain-systems:enterprise_manager:7.2.699
Netgain-Systems » Enterprise Manager » Version: 7.2.730

cpe:2.3:a:netgain-systems:enterprise_manager:7.2.730

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-16608

Products

Pricing

Contact Us