CVE-2017-7722
CVE-2017-7722
Vexday Risk Score
23Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
Madurez del exploit
Exploit funcional
Exploit automatizable disponible (Nuclei/Metasploit).
CVSS —EPSS 12.7%KEV nãoPoC —Nuclei —Metasploit simPatch —
Ciclo de vida
17 mar 2017Exploit Metasploit disponible
12 abr 2017Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell.
Productos afectados
n/a · n/a