Vulnerability Details CVE-2017-3222
Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.061
EPSS Ranking 90.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://www.inmarsat.com/news/inmarsat-response-to-ioactive-claims/
- http://www.securityfocus.com/bid/99899
- https://twitter.com/mkolsek/status/923988845783322625
- https://www.kb.cert.org/vuls/id/586501
- http://www.inmarsat.com/news/inmarsat-response-to-ioactive-claims/
- http://www.securityfocus.com/bid/99899
- https://twitter.com/mkolsek/status/923988845783322625
- https://www.kb.cert.org/vuls/id/586501
Products affected by CVE-2017-3222
-
cpe:2.3:a:inmarsat:amosconnect:8.0
-
cpe:2.3:a:inmarsat:amosconnect:8.0.1
-
cpe:2.3:a:inmarsat:amosconnect:8.0.2
-
cpe:2.3:a:inmarsat:amosconnect:8.2.0
-
cpe:2.3:a:inmarsat:amosconnect:8.2.1
-
cpe:2.3:a:inmarsat:amosconnect:8.2.2
-
cpe:2.3:a:inmarsat:amosconnect:8.3.0
-
cpe:2.3:a:inmarsat:amosconnect:8.3.1
-
cpe:2.3:a:inmarsat:amosconnect:8.4.0
-
cpe:2.3:a:inmarsat:amosconnect:8.4.0.1