Vulnerability Details : CVE-2018-7567
In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. NOTE: the vendor disputes this issue stating "the behaviour is as designed and needed for different packages to be installed", "there is a security warning if the package is not verified by OTRS Group", and "there is the possibility and responsibility of an admin to check packages before installation which is possible as they are not binary.
Vulnerability category: Execute code
Products affected by CVE-2018-7567
- cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:6.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-7567
0.53%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 77 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-7567
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST | |
7.2
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
NIST |
CWE ids for CVE-2018-7567
-
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-7567
-
https://0day.today/exploit/29938
Just a moment...Exploit;Third Party Advisory
Jump to