Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-7567

In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. NOTE: the vendor disputes this issue stating "the behaviour is as designed and needed for different packages to be installed", "there is a security warning if the package is not verified by OTRS Group", and "there is the possibility and responsibility of an admin to check packages before installation which is possible as they are not binary.

Published

2018-03-04T20:29:00.333

Last Modified

2024-11-21T04:12:23.043

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.2 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-434

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	otrs	otrs	≤ 5.0.23	Yes
Application	otrs	otrs	6.0.0	Yes
Application	otrs	otrs	6.0.1	Yes

References

https://0day.today/exploit/29938 Exploit, Third Party Advisory ([email protected])
https://0day.today/exploit/29938 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)