ERPScanERPSCAN-17-039File Upload in Integration Gateway (PSIGW) - PeopleSoft
EPSS
Percentile
69.3%
Application: Oracle PeopleSoft **Versions Affected:**PeopleTools 8.54, 8.55 Vendor:Oracle **Bugs:**File Upload **Reported:**27.03.2017 **Vendor response:**28.03.2017 **Date of Public Advisory:**18.07.2017 **Reference: **Oracle CPU July 2017 Authors: Roman Shalymov (ERPScan)
VULNERABILITY INFORMATION
Class: File Upload
Risk: High
Impact: Remote command execution on the server
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2017-10061
CVSS Information
CVSS Base Score v3: 8.3 / 10
CVSS Base Vector:
| AV: Attack Vector (Related exploit range) | Network (N) |
|---|---|
| AC: Attack Complexity (Required attack complexity) | Low (L) |
| PR: Privileges Required (Level of privileges needed to exploit) | None (N) |
| UI: User Interaction (Required user participation) | None (N) |
| S: Scope (Change in scope due to impact caused to components beyond the vulnerable component) | Changed © |
| C: Impact to Confidentiality | Low (L) |
| I: Impact to Integrity | Low (L) |
| A: Impact to Availability | Low (L) |
VULNERABILITY DESCRIPTION
An attacker can upload arbitrary text files on the Oracle PeopleSoft HCM 9.2 system which can be leveraged to get remote command execution on the server (for example, the attacker can write his own public RSA key in ~/.ssh/authorized_keys file and get valid ssh session).
VULNERABLE PACKAGES
Oracle PeopleSoft HCM 9.2
SOLUTIONS AND WORKAROUNDS
Check upload content (add xml validation) before overwriting device_map.xml file in com.peoplesoft.pt.integrationgateway.service.Device_ID handler.
Related
