Lucene search

[email protected]CVE-2015-4027

HistoryDec 17, 2015 - 7:59 p.m.

CVE-2015-4027

2015-12-1719:59:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2015-4027

acunetix web vulnerability scanner

wvs

privilege escalation

json

local user gain privileges

6.6 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.8%

JSON

The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a params JSON object to api/addScan.

CPENameOperatorVersion
acunetix:web_vulnerability_scanneracunetix web vulnerability scannerle10

CPE	Name	Operator	Version
acunetix:web_vulnerability_scanner	acunetix web vulnerability scanner	le	10

References

packetstormsecurity.com/files/134602/Acunetix-WVS-10-Local-Privilege-Escalation.html

www.acunetix.com/blog/releases/acunetix-10-build-includes-security-checks-in-cors-configurations/

www.exploit-db.com/exploits/38847/

6.6 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.8%

JSON

Related for CVE-2015-4027

checkpoint_advisories1 prion1 zdt1 exploitpack1 packetstorm1 cvelist1 exploitdb1 securityvulns1