Vulnerability Details : CVE-2017-14322
Potential exploit: a public exploit is listed for this CVE (see the Exploit-DB reference below).
The function in init.php that checks whether a user is already logged in, in Interspire Email Marketer (IEM) versions before 6.1.6, allows remote attackers to bypass authentication and obtain administrative access by presenting an IEM_CookieLogin cookie with a specially crafted value. The fix shipped in IEM 6.1.6.
Vulnerability categories: Bypass; Gain privilege
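The weakness class here (CWE-287, a persistent-login cookie whose contents the server trusts without proof that it issued them) is easiest to see against a hardened version of the same check. The block below is an added illustration written for this page, not IEM's code: the page does not document IEM's actual cookie format, so the "weak" variant is a constructed stand-in for the class of bug (a digest the client can compute itself), and the user table, secret and lifetime are assumptions. The hardened variant binds the cookie to a server-side secret with an HMAC, verifies it in constant time before parsing, and enforces an expiry.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample user table for the example (not IEM data).
USERS = {
    1: {"username": "admin", "is_admin": True},
    2: {"username": "alice", "is_admin": False},
}

# --- Weak pattern (illustrative stand-in for CWE-287) -----------------------
# The cookie carries a user id plus a digest computed only from values the
# client already knows. Nothing ties it to the server, so anyone can mint a
# cookie for user id 1 and be treated as that user.

def weak_make_cookie(user_id: int) -> str:
    digest = hashlib.md5(str(user_id).encode()).hexdigest()
    return base64.b64encode(json.dumps([user_id, digest]).encode()).decode()


def weak_check_cookie(cookie: str):
    try:
        user_id, digest = json.loads(base64.b64decode(cookie))
    except (ValueError, TypeError):
        return None
    if digest != hashlib.md5(str(user_id).encode()).hexdigest():
        return None
    return USERS.get(user_id)


# --- Hardened pattern --------------------------------------------------------
SERVER_SECRET = b"constructed-secret-load-from-config-in-real-deployments"  # assumption
COOKIE_LIFETIME = 30 * 24 * 3600  # assumed 30-day "remember me" window


def _sign(payload: bytes) -> str:
    # HMAC over the exact payload bytes; only the server holds SERVER_SECRET.
    return hmac.new(SERVER_SECRET, payload, hashlib.sha256).hexdigest()


def make_cookie(user_id: int, now=None) -> str:
    now = int(time.time()) if now is None else now
    payload = json.dumps({"uid": user_id, "exp": now + COOKIE_LIFETIME},
                         separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)


def check_cookie(cookie: str, now=None):
    """Return the user record for a valid cookie, None for anything else."""
    now = int(time.time()) if now is None else now
    try:
        b64_payload, sig = cookie.split(".", 1)
        payload = base64.urlsafe_b64decode(b64_payload)
    except (ValueError, TypeError):
        return None
    # Verify the MAC in constant time before trusting or parsing the payload.
    if not hmac.compare_digest(_sign(payload), sig):
        return None
    try:
        data = json.loads(payload)
        user_id, exp = int(data["uid"]), int(data["exp"])
    except (ValueError, TypeError, KeyError):
        return None
    if exp < now:
        return None
    return USERS.get(user_id)


def forge_attempt(target_user_id: int):
    """Attacker who knows both formats but not SERVER_SECRET tries each check.

    Returns (result_against_weak_check, result_against_hardened_check).
    """
    weak = weak_check_cookie(weak_make_cookie(target_user_id))
    fake_payload = json.dumps({"uid": target_user_id, "exp": 2 ** 31}).encode()
    fake_sig = hashlib.sha256(fake_payload).hexdigest()  # best effort without the secret
    forged = base64.urlsafe_b64encode(fake_payload).decode() + "." + fake_sig
    return weak, check_cookie(forged)


if __name__ == "__main__":
    weak_result, hard_result = forge_attempt(1)
    print("weak check accepted forged admin cookie:", weak_result is not None)
    print("hardened check accepted forged admin cookie:", hard_result is not None)
```

The order of operations in `check_cookie` matters: the MAC is checked over the raw bytes before any deserialization, so a forged or tampered cookie never reaches the parser, and `hmac.compare_digest` keeps the comparison from leaking timing information. Rotating `SERVER_SECRET` invalidates every outstanding cookie, which is the intended way to revoke persistent logins after an incident.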
Products affected by CVE-2017-14322
- cpe:2.3:a:interspire:email_marketer:*:*:*:*:*:*:*:* (all versions before 6.1.6)
Exploit prediction scoring system (EPSS) score for CVE-2017-14322
EPSS score: 58.75% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~98% (proportion of all scored vulnerabilities with a score at or below this one)
CVSS scores for CVE-2017-14322
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST |
CWE ids for CVE-2017-14322
- CWE-287 (Improper Authentication): when an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-14322
- https://security.infoteam.ch/en/blog/posts/narrative-of-an-incident-response-from-compromise-to-the-publication-of-the-weakness.html
  Infoteam SA, "Narrative of an incident response: from compromise to the publication of the weakness" (broken link, currently returns 404)
- http://seclists.org/fulldisclosure/2017/Oct/39
  Full Disclosure: [CVE-2017-14322] Interspire Email Marketer - Remote Admin Authentication Bypass (Mailing List; Third Party Advisory)
- https://www.exploit-db.com/exploits/44513/
  Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypass (Exploit; Third Party Advisory; VDB Entry)