// For flags

CVE-2017-9812

Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

4
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges.

El parámetro reportId del método de la acción getReportStatus puede ser violado en la interfaz web en Kaspersky Anti-Virus para Linux File Server anterior al paquete de mantenimiento 2 corrección crítica 4 (versión 8.0.4.312), para leer archivos arbitrarios con privilegios kluser.

Kaspersky Anti-Virus for Linux File Server version 8.0.3.297 suffers from remote code execution, cross site request forgery, cross site scripting, security bypass, information disclosure, and path traversal vulnerabilities.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-06-22 CVE Reserved
  • 2017-06-29 CVE Published
  • 2024-06-19 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Kaspersky
Search vendor "Kaspersky"
Anti-virus For Linux Server
Search vendor "Kaspersky" for product "Anti-virus For Linux Server"
<= 8.0.3.297
Search vendor "Kaspersky" for product "Anti-virus For Linux Server" and version " <= 8.0.3.297"
-
Affected