CVE-2017-11610

HIGH · EXPLOITED IN THE WILD · NUCLEI

Supervisor XML-RPC Authenticated Remote Code Execution

Title source: metasploit

Description

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.

Exploits (5)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · linux
https://www.exploit-db.com/exploits/42779
nomisec · WORKING POC · 4 stars
by yaunsky · remote-auth
https://github.com/yaunsky/CVE-2017-11610
nomisec · WORKING POC
by ivanitlearning · remote-auth
https://github.com/ivanitlearning/CVE-2017-11610
metasploit · WORKING POC · EXCELLENT
by Calum Hutton <[email protected]> · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/supervisor_xmlrpc_exec.rb

Nuclei Templates (1)

XML-RPC Server - Remote Code Execution
HIGH · by notnotnotveg
Shodan: http.title:"Supervisor Status" || http.title:"supervisor status"
FOFA: title="supervisor status"

Scores

CVSS v3 8.8
EPSS 0.9383
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2021-04-08
InTheWild.io 2021-04-08
CWE
CWE-276
Status published
Products (19)
debian/debian_linux 8.0
debian/debian_linux 9.0
fedoraproject/fedora 24
fedoraproject/fedora 25
fedoraproject/fedora 26
pypi/supervisor 0 - 3.0.1 (PyPI)
redhat/cloudforms 4.5
supervisord/supervisor 3.1.0
supervisord/supervisor 3.1.1
supervisord/supervisor 3.1.2
... and 9 more
Published Aug 23, 2017
Tracked Since Feb 18, 2026