CVE-2017-9644 – Automated Logic WebCTRL 6.5 - Local Privilege Escalation

https://notcve.org/view.php?id=CVE-2017-9644

An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges. Se ha descubierto un problema de ruta de búsqueda o elemento sin comillas en Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 y anteriores; ALC WebCTRL, SiteScan Web 6.1 y anteriores; ALC WebCTRL, i-Vu 6.0 y anteriores; ALC WebCTRL, i-Vu, SiteScan Web 5.5 y anteriores; y ALC WebCTRL, i-Vu, SiteScan Web 5.2 y anteriores. Una vulnerabilidad de ruta de búsqueda sin comillas podría permitir que un atacante local sin privilegios cambie archivos en el directorio de instalación y ejecute código arbitrario con privilegios elevados. Automated Logic WebCTRL version 6.5 suffers from an insecure file permission privilege escalation vulnerability. • https://www.exploit-db.com/exploits/42542 http://www.securityfocus.com/bid/100454 https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01 • CWE-428: Unquoted Search Path or Element •