CVE-2017-9447

{"id": "CVE-2017-9447", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-02-28T15:29:00.273", "references": [{"url": "https://blog.runesec.com/2018/02/22/parallels-ras-path-traversal/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/442321/", "tags": ["Broken Link"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the \"RASHTML5Gateway\" directory. A remote, unauthenticated attacker could exploit this weakness to read arbitrary files from the vulnerable system using path traversal sequences."}, {"lang": "es", "value": "En la interfaz web de Parallels Remote Application Server (RAS) 15.5 Build 16140, existe una vulnerabilidad debido a la validaci\u00f3n incorrecta de la ruta de archivo al solicitar un recurso en el directorio \"RASHTML5Gateway\". Un atacante remoto no autenticado podr\u00eda explotar esta debilidad para leer archivos arbitrarios del sistema vulnerable empleando secuencias de salto de directorio."}], "lastModified": "2018-03-23T16:03:35.213", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:parallels:remote_application_server:15.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B4CA739-F161-41BE-A3EB-57BC70C07DEA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}