Lucene search

TalosCVELIST:CVE-2017-14475

HistoryMay 09, 2018 - 8:00 p.m.

CVE-2017-14475

2018-05-0920:00:00

talos

www.cve.org

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.004

Percentile

74.9%

JSON

In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd can trigger this vulnerability.

CNA Affected

[
  {
    "product": "MySql MMM",
    "vendor": "Talos",
    "versions": [
      {
        "status": "affected",
        "version": "MMM 2.2.1"
      }
    ]
  }
]

References

www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.004

Percentile

74.9%

JSON

Related for CVELIST:CVE-2017-14475