NetGain Systems Enterprise Manager exec_jsp Command Execution
TSL ID: TSL20171213-06
CVE ID(s): CVE-2017-16602
Severity: Moderate
Description

A command execution vulnerability has been reported in NetGain Systems Enterprise Manager. The vulnerability is due to improper validation of the command HTTP parameter.

A remote, authenticated attacker can exploit this vulnerability by sending crafted requests to a vulnerable server. Successful exploitation could result in arbitrary command execution under the context of Administrator.

The vendor, NetGain Systems, has not released an advisory for the vulnerability and the vulnerability remains unpatched in the latest version of the product.

Affected Products
  • NetGain Systems Enterprise Manager .
CVSS Score Base 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C):
  • Access vector is NETWORK
  • Access complexity is MEDIUM
  • Level of authentication required is SINGLE
  • Impact of this vulnerability on data confidentiality is COMPLETE
  • Impact of this vulnerability on data integrity is COMPLETE
  • Impact of this vulnerability on data availability is COMPLETE
Temporal 6.3 (E:U/RL:OF/RC:C):
  • The exploitability level of this vulnerability is UNPROVEN
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
Identifiers
ZDI