CVE-2017-16921
CVE-2017-16921
Vexday Risk Score
28Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS —EPSS 19.9%KEV nãoPoC públicaNuclei —Metasploit —Patch referenciado
Lifecycle
08 Dec 2017Published on NVD
21 Jan 2018Public PoC
Weaponization speed
43 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.
Affected products
n/a · n/apublic PoCs found — 4
githubgithub.com/Smarttfoxx/OTRS-4.0.1-6.0.1-Remote-Command-Execution★ 0cve_referencewww.exploit-db.com/exploits/43853/unverifiedcve_referencepacketstormsecurity.com/files/162295/OTRS-6.0.1-Remote-Command-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/43853unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/162295/OTRS-6.0.1-Remote-Command-Execution.htmlhttps://lists.debian.org/debian-lts-announce/2017/12/msg00015.htmlhttps://www.debian.org/security/2017/dsa-4066https://www.exploit-db.com/exploits/43853/https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/