CVE-2017-1000203

HIGH

ROOT < 6.9.03 - Authenticated Remote Code Execution via Shell Metacharacter Injection in rootd Daemon

Title source: llm
STIX 2.1

Description

ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution

Scores

CVSS v3 8.8
EPSS 0.0388
EPSS Percentile 88.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
cern/root < 6.9.03
Published Nov 17, 2017
Tracked Since Feb 18, 2026