CVE-2017-17384 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 65%

Vendor	Product	Version
ispconfig	ispconfig	3.0.2
ispconfig	ispconfig	3.0.2.1
ispconfig	ispconfig	3.0.2.2
ispconfig	ispconfig	3.0.2.2:b1
ispconfig	ispconfig	3.0.3
ispconfig	ispconfig	3.0.3:b1
ispconfig	ispconfig	3.0.3:rc1
ispconfig	ispconfig	3.0.3.1
ispconfig	ispconfig	3.0.3.1:rc1
ispconfig	ispconfig	3.0.3.1:rc2
ispconfig	ispconfig	3.0.3.2
ispconfig	ispconfig	3.0.3.2:rc1
ispconfig	ispconfig	3.0.3.3
ispconfig	ispconfig	3.0.3.3:rc1
ispconfig	ispconfig	3.0.4
ispconfig	ispconfig	3.0.4:b1
ispconfig	ispconfig	3.0.4.1
ispconfig	ispconfig	3.0.4.1:rc1
ispconfig	ispconfig	3.0.4.1:rc2
ispconfig	ispconfig	3.0.4.2
ispconfig	ispconfig	3.0.4.3
ispconfig	ispconfig	3.0.4.6
ispconfig	ispconfig	3.0.4.6:rc1
ispconfig	ispconfig	3.0.5
ispconfig	ispconfig	3.0.5:alpha1
ispconfig	ispconfig	3.0.5:b1
ispconfig	ispconfig	3.0.5:rc1
ispconfig	ispconfig	3.0.5:rc2
ispconfig	ispconfig	3.0.5.1
ispconfig	ispconfig	3.0.5.2
ispconfig	ispconfig	3.0.5.3
ispconfig	ispconfig	3.0.5.4
ispconfig	ispconfig	3.0.5.4:b1
ispconfig	ispconfig	3.0.5.4:p1
ispconfig	ispconfig	3.0.5.4:p2
ispconfig	ispconfig	3.0.5.4:p3
ispconfig	ispconfig	3.0.5.4:p4
ispconfig	ispconfig	3.0.5.4:p5
ispconfig	ispconfig	3.0.5.4:p6
ispconfig	ispconfig	3.0.5.4:p7
ispconfig	ispconfig	3.0.5.4:p8
ispconfig	ispconfig	3.0.5.4:p9
ispconfig	ispconfig	3.0.5.4:rc1
ispconfig	ispconfig	3.0.5.4:rc2
ispconfig	ispconfig	3.1
ispconfig	ispconfig	3.1.1
ispconfig	ispconfig	3.1.1:p1
ispconfig	ispconfig	3.1.2
ispconfig	ispconfig	3.1.3
ispconfig	ispconfig	3.1.4
ispconfig	ispconfig	3.1.5
ispconfig	ispconfig	3.1.6
ispconfig	ispconfig	3.1.7
ispconfig	ispconfig	3.1.7:p1
ispconfig	ispconfig	3.1.8
ispconfig	ispconfig	3.1.8:p1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-269 - Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References

https://www.ispconfig.org/blog/ispconfig-3-1-9-released-important-security-update/

https://www.ispconfig.org/blog/ispconfig-3-1-9-released-important-security-update/