7.2
CVSSv3

CVE-2017-6554

CVSSv4: NA | CVSSv3: 7.2 | CVSSv2: 9 | VMScore: 820 | EPSS: 0.32236 | KEV: Not Included
Published: 14/04/2017 Updated: 21/11/2024

Vulnerability Summary

pmmasterd in Quest Privilege Manager prior to 6.0.0.061, when configured as a policy server, allows remote malicious users to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action.

Vulnerable Product Search on Vulmon Subscribe to Product

quest privilege manager 6.0.0-27

quest privilege manager 6.0.0-50

Exploits

#!/usr/bin/env python2 """ # Exploit Title: Quest Privilege Manager pmmasterd Arbitrary File Write # Date: 10/Mar/2017 # Exploit Author: m0t # Vendor Homepage: wwwquestcom/products/privilege-manager-for-unix/ # Version: 600-27, 600-50 # Tested on: ubuntu 1404 x86_64, ubuntu 1604 x86, ubuntu 1204 x86 # CVE : 2017-6554 REQUIREMENTS ...