A vulnerability was found in the XML-RPC interface in supervisord. When processing malformed commands, an attacker can cause arbitrary shell commands to be executed on the server as the same user as supervisord. Exploitation requires the attacker to first be authenticated to the supervisord service.
Find out more about CVE-2017-11610 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS3 Base Score | 7 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Attack Vector | Local |
Attack Complexity | High |
Privileges Required | Low |
User Interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity Impact | High |
Availability Impact | High |
Platform | Errata | Release Date |
---|---|---|
CloudForms Management Engine 5.8 (supervisor) | RHSA-2017:3005 | 2017-10-24 |
Platform | Package | State |
---|---|---|
Red Hat Mobile Application Platform On-Premise 4 | nagios | Not affected |
Red Hat Ceph Storage 2 | supervisor | Will not fix |
Red Hat Ceph Storage 1.3 | supervisor | Will not fix |