CVE-2016-5662 : Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions f

Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors.

Published 2016-08-26 19:59:12

Updated 2016-11-28 20:28:37

Source CERT/CC

View at NVD, CVE.org

Products affected by CVE-2016-5662

Accellion » Kiteworks Appliance
Versions up to, including, (<=) kw2016.03.00
cpe:2.3:a:accellion:kiteworks_appliance:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-5662

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-5662

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2016-5662

http://www.securityfocus.com/bid/92662

Accellion Kiteworks Multiple Security Vulnerabilities

CVEs referencing this url
http://www.kb.cert.org/vuls/id/305607

VU#305607 - Accellion Kiteworks contains multiple vulnerabilities
Third Party Advisory;US Government Resource

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2016-5662

Products affected by CVE-2016-5662

Exploit prediction scoring system (EPSS) score for CVE-2016-5662

CVSS scores for CVE-2016-5662

References for CVE-2016-5662