CVE-2017-9644
Automated Logic WebCTRL 6.5 - Local Privilege Escalation
Severity Score
Exploit Likelihood
Affected Versions
13Public Exploits
2Exploited in Wild
-Decision
Descriptions
An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges.
Se ha descubierto un problema de ruta de búsqueda o elemento sin comillas en Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 y anteriores; ALC WebCTRL, SiteScan Web 6.1 y anteriores; ALC WebCTRL, i-Vu 6.0 y anteriores; ALC WebCTRL, i-Vu, SiteScan Web 5.5 y anteriores; y ALC WebCTRL, i-Vu, SiteScan Web 5.2 y anteriores. Una vulnerabilidad de ruta de búsqueda sin comillas podría permitir que un atacante local sin privilegios cambie archivos en el directorio de instalación y ejecute código arbitrario con privilegios elevados.
Automated Logic WebCTRL version 6.5 suffers from an insecure file permission privilege escalation vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-06-14 CVE Reserved
- 2017-08-23 CVE Published
- 2017-08-23 First Exploit
- 2024-08-05 CVE Updated
- 2025-04-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-428: Unquoted Search Path or Element
CAPEC
References (4)
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/143895 | 2017-08-23 | |
| https://www.exploit-db.com/exploits/42542 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|