← back
CVE-2017-20025

Solare Solar-Log Flash Memory privileges management

CVSS 7.3 HIGHEPSS 1.0%CWE-269
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.3EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
09 Jun 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipulation leads to privilege escalation. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected products
Solare · Solar-Log

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://seclists.org/fulldisclosure/2017/Mar/58https://vuldb.com/?id.98935