FKIE_CVE-2017-6885

Vulnerability from fkie_nvd - Published: 2017-05-16 16:29 - Updated: 2025-04-20 01:37
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An error when handling certain external commands and services related to the FlexNet Inventory Agent and FlexNet Beacon of the Flexera Software FlexNet Manager Suite 2017 before 2017 R1 and 2014 R3 through 2016 R1 SP1 can be exploited to gain elevated privileges.
References
PSIRT-CNA@flexerasoftware.comhttps://secuniaresearch.flexerasoftware.com/advisories/76223/Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://secuniaresearch.flexerasoftware.com/advisories/76223/Permissions Required
Impacted products
Vendor Product Version
flexerasoftware flexnet_manager_suite 2014
flexerasoftware flexnet_manager_suite 2015
flexerasoftware flexnet_manager_suite 2016
flexerasoftware flexnet_manager_suite 2017
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:flexerasoftware:flexnet_manager_suite:2014:*:*:*:*:*:*:*",
              "matchCriteriaId": "1893249B-393C-4138-A83E-94DBA1CAAF75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:flexerasoftware:flexnet_manager_suite:2015:*:*:*:*:*:*:*",
              "matchCriteriaId": "85F8EB93-DA69-42A1-93E1-DE97D58301E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:flexerasoftware:flexnet_manager_suite:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A77E6F8-A668-41B4-B12F-40F297EEDBBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:flexerasoftware:flexnet_manager_suite:2017:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B4C52C7-6546-4272-926B-CADBED1E1AC1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An error when handling certain external commands and services related to the FlexNet Inventory Agent and FlexNet Beacon of the Flexera Software FlexNet Manager Suite 2017 before 2017 R1 and 2014 R3 through 2016 R1 SP1 can be exploited to gain elevated privileges."
    },
    {
      "lang": "es",
      "value": "Un error al manejar ciertos comandos y servicios externos relacionados con el Inventory Agent y Beacon de FlexNet del Flexera Software FlexNet Manager Suite versiones 2017 anterior a 2017 R1 y versiones 2014 R3 hasta 2016 R1 SP1, pueden ser explotados para alcanzar privilegios elevados."
    }
  ],
  "id": "CVE-2017-6885",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-16T16:29:00.173",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://secuniaresearch.flexerasoftware.com/advisories/76223/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://secuniaresearch.flexerasoftware.com/advisories/76223/"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.