CVE-2017-16921
CVE-2017-16921 is a vulnerability of currently unknown severity. In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user. EPSS estimates a 19.90% chance of exploitation in the next 30 days.
Description
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Otrs | Otrs | 4.0.1 |
| Otrs | Otrs | 4.0.2 |
| Otrs | Otrs | 4.0.3 |
| Otrs | Otrs | 4.0.4 |
| Otrs | Otrs | 4.0.5 |
| Otrs | Otrs | 4.0.6 |
| Otrs | Otrs | 4.0.7 |
| Otrs | Otrs | 4.0.8 |
| Otrs | Otrs | 4.0.9 |
| Otrs | Otrs | 4.0.10 |
| Otrs | Otrs | 4.0.11 |
| Otrs | Otrs | 4.0.12 |
| Otrs | Otrs | 4.0.13 |
| Otrs | Otrs | 4.0.14 |
| Otrs | Otrs | 4.0.15 |
| Otrs | Otrs | 4.0.16 |
| Otrs | Otrs | 4.0.17 |
| Otrs | Otrs | 4.0.18 |
| Otrs | Otrs | 4.0.19 |
| Otrs | Otrs | 4.0.20 |
| Otrs | Otrs | 4.0.21 |
| Otrs | Otrs | 4.0.22 |
| Otrs | Otrs | 4.0.23 |
| Otrs | Otrs | 4.0.24 |
| Otrs | Otrs | 4.0.25 |
| Otrs | Otrs | 4.0.26 |
| Otrs | Otrs | 5.0.0 |
| Otrs | Otrs | 5.0.1 |
| Otrs | Otrs | 5.0.2 |
| Otrs | Otrs | 5.0.3 |
| Otrs | Otrs | 5.0.4 |
| Otrs | Otrs | 5.0.5 |
| Otrs | Otrs | 5.0.6 |
| Otrs | Otrs | 5.0.7 |
| Otrs | Otrs | 5.0.8 |
| Otrs | Otrs | 5.0.9 |
| Otrs | Otrs | 5.0.10 |
| Otrs | Otrs | 5.0.11 |
| Otrs | Otrs | 5.0.12 |
| Otrs | Otrs | 5.0.13 |
| Otrs | Otrs | 5.0.14 |
| Otrs | Otrs | 5.0.15 |
| Otrs | Otrs | 5.0.16 |
| Otrs | Otrs | 5.0.17 |
| Otrs | Otrs | 5.0.18 |
| Otrs | Otrs | 5.0.19 |
| Otrs | Otrs | 5.0.20 |
| Otrs | Otrs | 5.0.21 |
| Otrs | Otrs | 5.0.22 |
| Otrs | Otrs | 5.0.23 |
Showing 50 of 56 affected configurations. See NVD for the full list.
References
- https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html (Mailing List, Third Party Advisory)
- https://www.debian.org/security/2017/dsa-4066 (Mailing List, Third Party Advisory)
- https://www.exploit-db.com/exploits/43853/ (Exploit, Third Party Advisory, VDB Entry)
- https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/ (Issue Tracking, Patch, Vendor Advisory)
Source: NVD / NIST
