CVE-2017-17743
Last modified
CVE-2017-17743 is a vulnerability of currently unknown severity. Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc file containing the /bin/sh string. In some situations, authentication can be achieved via the bhu85tgb default password for the admin account.. EPSS estimates a 1.13% chance of exploitation in the next 30 days.
Description
Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc file containing the /bin/sh string. In some situations, authentication can be achieved via the bhu85tgb default password for the admin account.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ucopia | Wireless Appliance Firmware | < 4.4.20 |
| Ucopia | Wireless Appliance Firmware | >= 5.0, < 5.0.19 |
| Ucopia | Wireless Appliance Firmware | >= 5.1, < 5.1.11 |
References
- https://securite.intrinsec.com/2018/03/19/cve-2017-17743-ucopia-shell-escape/Exploit, Third Party Advisory
- https://securite.intrinsec.com/2018/03/19/cve-2017-17743-ucopia-shell-escape/Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-17743?
How severe is CVE-2017-17743?
How do I fix CVE-2017-17743?
Are you affected by CVE-2017-17743?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST