Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name CVE-2017-16933 First vendor Publication 2017-11-24
Vendor Cve Last vendor Modification 2019-10-03

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score 7
Base Score 7 Environmental Score 7
impact SubScore 5.9 Temporal Score 7
Exploitabality Sub Score 1
 
Attack Vector Local Attack Complexity High
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16933

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-732 Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 39

Sources (Detail)

Source Url
MISC https://github.com/Icinga/icinga2/issues/5793

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
Date Informations
2021-07-16 01:23:18
  • Multiple Updates
2021-05-04 12:59:20
  • Multiple Updates
2021-04-22 02:12:25
  • Multiple Updates
2020-05-23 02:04:29
  • Multiple Updates
2020-05-23 00:58:04
  • Multiple Updates
2019-10-03 09:20:11
  • Multiple Updates
2019-06-08 12:09:04
  • Multiple Updates
2018-03-15 09:19:20
  • Multiple Updates
2017-12-12 17:22:07
  • Multiple Updates
2017-11-24 09:21:54
  • First insertion