Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-14705

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-22 Sep, 2017 | 18:00
Updated At-17 Sep, 2024 | 01:01
Rejected At-
Credits

DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by exploiting CVE-2017-14706. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:22 Sep, 2017 | 18:00
Updated At:17 Sep, 2024 | 01:01
Rejected At:
▼CVE Numbering Authority (CNA)

DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by exploiting CVE-2017-14706. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/rapid7/metasploit-framework/pull/8980
x_refsource_MISC
https://pentest.blog/advisory-denyall-web-application-firewall-unauthenticated-remote-code-execution/
x_refsource_MISC
https://www.denyall.com/blog/advisories/advisory-unauthenticated-remote-code-execution-denyall-web-application-firewall/
x_refsource_MISC
Hyperlink: https://github.com/rapid7/metasploit-framework/pull/8980
Resource:
x_refsource_MISC
Hyperlink: https://pentest.blog/advisory-denyall-web-application-firewall-unauthenticated-remote-code-execution/
Resource:
x_refsource_MISC
Hyperlink: https://www.denyall.com/blog/advisories/advisory-unauthenticated-remote-code-execution-denyall-web-application-firewall/
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/rapid7/metasploit-framework/pull/8980
x_refsource_MISC
x_transferred
https://pentest.blog/advisory-denyall-web-application-firewall-unauthenticated-remote-code-execution/
x_refsource_MISC
x_transferred
https://www.denyall.com/blog/advisories/advisory-unauthenticated-remote-code-execution-denyall-web-application-firewall/
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/rapid7/metasploit-framework/pull/8980
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://pentest.blog/advisory-denyall-web-application-firewall-unauthenticated-remote-code-execution/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.denyall.com/blog/advisories/advisory-unauthenticated-remote-code-execution-denyall-web-application-firewall/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:22 Sep, 2017 | 18:29
Updated At:20 Apr, 2025 | 01:37

DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by exploiting CVE-2017-14706. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.1HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.0
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
denyall
denyall
>>i-suite>>5.5.0
cpe:2.3:a:denyall:i-suite:5.5.0:*:*:*:lts:*:*:*
denyall
denyall
>>i-suite>>5.5.9
cpe:2.3:a:denyall:i-suite:5.5.9:*:*:*:lts:*:*:*
denyall
denyall
>>i-suite>>5.5.10
cpe:2.3:a:denyall:i-suite:5.5.10:*:*:*:lts:*:*:*
denyall
denyall
>>i-suite>>5.5.11
cpe:2.3:a:denyall:i-suite:5.5.11:*:*:*:lts:*:*:*
denyall
denyall
>>i-suite>>5.5.12
cpe:2.3:a:denyall:i-suite:5.5.12:*:*:*:lts:*:*:*
denyall
denyall
>>i-suite>>5.6.0
cpe:2.3:a:denyall:i-suite:5.6.0:*:*:*:lts:*:*:*
denyall
denyall
>>web_application_firewall>>5.7.0
cpe:2.3:a:denyall:web_application_firewall:5.7.0:*:*:*:*:*:*:*
denyall
denyall
>>web_application_firewall>>6.0.0
cpe:2.3:a:denyall:web_application_firewall:6.0.0:*:*:*:*:*:*:*
denyall
denyall
>>web_application_firewall>>6.1.0
cpe:2.3:a:denyall:web_application_firewall:6.1.0:*:*:*:*:*:*:*
denyall
denyall
>>web_application_firewall>>6.2.0
cpe:2.3:a:denyall:web_application_firewall:6.2.0:*:*:*:*:*:*:*
denyall
denyall
>>web_application_firewall>>6.3.0
cpe:2.3:a:denyall:web_application_firewall:6.3.0:*:*:*:*:*:*:*
denyall
denyall
>>web_application_firewall>>6.4.0
cpe:2.3:a:denyall:web_application_firewall:6.4.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarynvd@nist.gov
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/rapid7/metasploit-framework/pull/8980cve@mitre.org
Exploit
Third Party Advisory
https://pentest.blog/advisory-denyall-web-application-firewall-unauthenticated-remote-code-execution/cve@mitre.org
Exploit
Technical Description
Third Party Advisory
https://www.denyall.com/blog/advisories/advisory-unauthenticated-remote-code-execution-denyall-web-application-firewall/cve@mitre.org
Vendor Advisory
https://github.com/rapid7/metasploit-framework/pull/8980af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
https://pentest.blog/advisory-denyall-web-application-firewall-unauthenticated-remote-code-execution/af854a3a-2127-422b-91ae-364da2661108
Exploit
Technical Description
Third Party Advisory
https://www.denyall.com/blog/advisories/advisory-unauthenticated-remote-code-execution-denyall-web-application-firewall/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://github.com/rapid7/metasploit-framework/pull/8980
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://pentest.blog/advisory-denyall-web-application-firewall-unauthenticated-remote-code-execution/
Source: cve@mitre.org
Resource:
Exploit
Technical Description
Third Party Advisory
Hyperlink: https://www.denyall.com/blog/advisories/advisory-unauthenticated-remote-code-execution-denyall-web-application-firewall/
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://github.com/rapid7/metasploit-framework/pull/8980
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
Hyperlink: https://pentest.blog/advisory-denyall-web-application-firewall-unauthenticated-remote-code-execution/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Technical Description
Third Party Advisory
Hyperlink: https://www.denyall.com/blog/advisories/advisory-unauthenticated-remote-code-execution-denyall-web-application-firewall/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

107Records found
CVE-2018-18638
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-5.09% / 89.58%
||
7 Day CHG~0.00%
Published-24 Oct, 2018 | 22:00
Updated-05 Aug, 2024 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint.

Action-Not Available
Vendor-neatoroboticsn/a
Product-botvac_connected_firmwarebotvac_connectedn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-18600
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-2.80% / 85.79%
||
7 Day CHG~0.00%
Published-31 Dec, 2018 | 16:00
Updated-06 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The remote upgrade feature in Guardzilla GZ180 devices allow command injection via a crafted new firmware version parameter.

Action-Not Available
Vendor-guardzillan/a
Product-180_indoor_firmware180_outdoor_firmware180_indoor180_outdoorn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-17208
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-16.69% / 94.78%
||
7 Day CHG~0.00%
Published-19 Sep, 2018 | 17:00
Updated-17 Sep, 2024 | 02:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface). This occurs because shell metacharacters in the query string are mishandled by ShellExecute, as demonstrated by the zbtest.cgi?cmd=level&level= substring. This can also be exploited via CSRF.

Action-Not Available
Vendor-n/aLinksys Holdings, Inc.
Product-velop_firmwarevelopn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-15722
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-8.1||HIGH
EPSS-2.39% / 84.71%
||
7 Day CHG~0.00%
Published-20 Dec, 2018 | 21:00
Updated-17 Sep, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response.

Action-Not Available
Vendor-logitechLogitech
Product-harmony_hub_firmwareharmony_hubLogitech Harmony Hub
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-10697
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.85% / 74.51%
||
7 Day CHG~0.00%
Published-07 Jun, 2019 | 19:29
Updated-05 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-awk-3121awk-3121_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-9274
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.8||HIGH
EPSS-0.47% / 64.23%
||
7 Day CHG~0.00%
Published-01 Mar, 2018 | 19:00
Updated-16 Sep, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
osc executes spec code during "osc commit"

A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs.

Action-Not Available
Vendor-openSUSESUSE
Product-obs-service-source_validatorobs-service-source_validator
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-39065
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-4.19% / 88.46%
||
7 Day CHG~0.00%
Published-13 Dec, 2021 | 17:55
Updated-16 Sep, 2024 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and uploadcertificate function . A remote attacker could inject arbitrary shell commands which would be executed on the affected system. IBM X-Force ID: 214958.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-spectrum_copy_data_managementlinux_kernelSpectrum Copy Data Management
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found