CVE-2017-17384

ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job.

Published: Dec 7, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-17384
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-269

Affected Software
References

Software	From	Fixed in
ispconfig / ispconfig	3.1.8-p1	3.1.8-p1.x
ispconfig / ispconfig	3.1.8	3.1.8.x
ispconfig / ispconfig	3.1.7-p1	3.1.7-p1.x
ispconfig / ispconfig	3.1.7	3.1.7.x
ispconfig / ispconfig	3.1.6	3.1.6.x
ispconfig / ispconfig	3.1.5	3.1.5.x
ispconfig / ispconfig	3.1.4	3.1.4.x
ispconfig / ispconfig	3.1.3	3.1.3.x
ispconfig / ispconfig	3.1.2	3.1.2.x
ispconfig / ispconfig	3.1.1-p1	3.1.1-p1.x
ispconfig / ispconfig	3.1.1	3.1.1.x
ispconfig / ispconfig	3.1	3.1.x
ispconfig / ispconfig	3.0.5.4-p6	3.0.5.4-p6.x
ispconfig / ispconfig	3.0.5.4-p5	3.0.5.4-p5.x
ispconfig / ispconfig	3.0.5.4-p4	3.0.5.4-p4.x
ispconfig / ispconfig	3.0.5.4-p3	3.0.5.4-p3.x
ispconfig / ispconfig	3.0.5.4-p2	3.0.5.4-p2.x
ispconfig / ispconfig	3.0.5.4-p1	3.0.5.4-p1.x
ispconfig / ispconfig	3.0.5.4-b1	3.0.5.4-b1.x
ispconfig / ispconfig	3.0.5.4	3.0.5.4.x
ispconfig / ispconfig	3.0.5.3	3.0.5.3.x
ispconfig / ispconfig	3.0.5.2	3.0.5.2.x
ispconfig / ispconfig	3.0.5.1	3.0.5.1.x
ispconfig / ispconfig	3.0.2.1	3.0.2.1.x
ispconfig / ispconfig	3.0.2	3.0.2.x
ispconfig / ispconfig	3.0.2.2-b1	3.0.2.2-b1.x
ispconfig / ispconfig	3.0.2.2	3.0.2.2.x
ispconfig / ispconfig	3.0.3-b1	3.0.3-b1.x
ispconfig / ispconfig	3.0.3-rc1	3.0.3-rc1.x
ispconfig / ispconfig	3.0.3	3.0.3.x
ispconfig / ispconfig	3.0.3.1-rc2	3.0.3.1-rc2.x
ispconfig / ispconfig	3.0.3.1-rc1	3.0.3.1-rc1.x
ispconfig / ispconfig	3.0.3.1	3.0.3.1.x
ispconfig / ispconfig	3.0.3.2-rc1	3.0.3.2-rc1.x
ispconfig / ispconfig	3.0.3.2	3.0.3.2.x
ispconfig / ispconfig	3.0.3.3-rc1	3.0.3.3-rc1.x
ispconfig / ispconfig	3.0.3.3	3.0.3.3.x
ispconfig / ispconfig	3.0.4-b1	3.0.4-b1.x
ispconfig / ispconfig	3.0.4	3.0.4.x
ispconfig / ispconfig	3.0.4.1-rc2	3.0.4.1-rc2.x
ispconfig / ispconfig	3.0.4.1-rc1	3.0.4.1-rc1.x
ispconfig / ispconfig	3.0.4.1	3.0.4.1.x
ispconfig / ispconfig	3.0.4.3	3.0.4.3.x
ispconfig / ispconfig	3.0.4.2	3.0.4.2.x
ispconfig / ispconfig	3.0.4.6	3.0.4.6.x
ispconfig / ispconfig	3.0.4.6-rc1	3.0.4.6-rc1.x
ispconfig / ispconfig	3.0.5-rc1	3.0.5-rc1.x
ispconfig / ispconfig	3.0.5-b1	3.0.5-b1.x
ispconfig / ispconfig	3.0.5-alpha1	3.0.5-alpha1.x
ispconfig / ispconfig	3.0.5	3.0.5.x
ispconfig / ispconfig	3.0.5-rc2	3.0.5-rc2.x
ispconfig / ispconfig	3.0.5.4-rc2	3.0.5.4-rc2.x
ispconfig / ispconfig	3.0.5.4-rc1	3.0.5.4-rc1.x
ispconfig / ispconfig	3.0.5.4-p7	3.0.5.4-p7.x
ispconfig / ispconfig	3.0.5.4-p8	3.0.5.4-p8.x
ispconfig / ispconfig	3.0.5.4-p9	3.0.5.4-p9.x

https://www.ispconfig.org/blog/ispconfig-3-1-9-released-important-security-update/

Vulnerability Database

289,697

CVE-2017-17384