CVE-2017-8916

EUVD-2017-17856
In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
cisecuritycis-cat_pro_dashboard
1.0.0
cisecuritycis-cat_pro_dashboard
1.0.1
cisecuritycis-cat_pro_dashboard
1.0.2
cisecuritycis-cat_pro_dashboard
1.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisecurity.org/cis-security-updates/incorrect-access-control-cve-2017-8916/
https://www.cisecurity.org/cis-security-updates/incorrect-access-control-cve-2017-8916/