CVE-2017-9324

Published: 12/06/2017 Updated: 03/10/2019
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

In Open Ticket Request System (OTRS) 3.3.x up to and including 3.3.16, 4.x up to and including 4.0.23, and 5.x up to and including 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end.

Vulnerable Products

otrs: otrs
debian: debian linux 8.0
debian: debian linux 9.0

Vendor Advisories

Debian Bug report logs - #864319 CVE-2017-9324
Package: otrs; Maintainer for otrs is Patrick Matthäi <pmatthaei@debian.org>; Source for otrs is src:otrs2
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue, 6 Jun 2017 20:39:01 UTC
Severity: grave
Tags: fixed-upstream, security, upstrea ...

Exploits

Due to insufficient checking of privileges, it is possible to access the OTRS Install dialog of an already installed instance, which enables an authenticated attacker to change the database settings, superuser password, mail server settings, log file location and other parameters. Versions affected include OTRS 5.0.x, OTRS 4.0.x, and OTRS 3.3.x ...