CVE-2017-9644 Information
Feb 14, 2021
cve
Description
An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL i-Vu SiteScan Web 6.5 and prior; ALC WebCTRL SiteScan Web 6.1 and prior; ALC WebCTRL i-Vu 6.0 and prior; ALC WebCTRL i-Vu SiteScan Web 5.5 and prior; and ALC WebCTRL i-Vu SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges.
CVSS Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Reference
http://www.securityfocus.com/bid/100454 https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01 https://www.exploit-db.com/exploits/42542/
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
7.0
Share on: