// For flags

CVE-2017-9810

Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

4
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.

No existen tokens Anti-CSRF en ningún formulario en la interfaz web en Kaspersky Anti-Virus para Linux File Server anterior al paquete de mantenimiento 2 corrección crítica 4 (versión 8.0.4.312). Esto permitiría a un atacante enviar peticiones autenticadas cuando un usuario autenticado navega en un dominio controlado por un atacante.

Kaspersky Anti-Virus for Linux File Server version 8.0.3.297 suffers from remote code execution, cross site request forgery, cross site scripting, security bypass, information disclosure, and path traversal vulnerabilities.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-06-22 CVE Reserved
  • 2017-06-29 CVE Published
  • 2024-06-19 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Kaspersky
Search vendor "Kaspersky"
 Anti-virus For Linux Server
Search vendor "Kaspersky" for product "Anti-virus For Linux Server"
 <= 8.0.3.297
Search vendor "Kaspersky" for product "Anti-virus For Linux Server" and version " <= 8.0.3.297"
-
Affected