CVE-2017-16921

HIGH

OTRS <= 6.0.1, <= 5.0.24, <= 4.0.26 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-16921. PoCs published by Bæln0rn, Smarttfoxx.

AI-analyzed exploit summary: This exploit leverages a command injection vulnerability in OTRS by manipulating PGP configuration parameters to execute arbitrary shell commands. The PoC demonstrates a reverse Python shell, allowing remote command execution under the web server user's permissions.

Description

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.

Exploits (2)

exploitdb WORKING POC
by Bæln0rn · text · webapps · perl
https://www.exploit-db.com/exploits/43853

This exploit leverages a command injection vulnerability in OTRS by manipulating PGP configuration parameters to execute arbitrary shell commands. The PoC demonstrates a reverse Python shell, allowing remote command execution under the web server user's permissions.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: OTRS 4.0.1-4.0.26, 5.0.0-5.0.24, 6.0.0-6.0.1
Auth required
Prerequisites: Authenticated agent access to OTRS · Web server user permissions to execute commands
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by Smarttfoxx · poc
https://github.com/Smarttfoxx/OTRS-4.0.1-6.0.1-Remote-Command-Execution

This is a functional exploit for CVE-2017-16921, targeting OTRS versions 4.0.1-6.0.1. It authenticates as an agent, manipulates PGP configuration to inject a reverse shell payload, and triggers execution via the AdminPGP interface.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: OTRS 4.0.1-4.0.26, 5.0.0-5.0.24, 6.0.0-6.0.1
Auth required
Prerequisites: Valid agent credentials · Network access to OTRS web interface · Outbound connectivity for reverse shell
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43853/
Mailing List, Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2017/dsa-4066

Scores

CVSS v3 8.8
EPSS 0.1990
EPSS Percentile 97.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-78
Status published
Products (43)
debian/debian_linux 7.0
debian/debian_linux 8.0
debian/debian_linux 9.0
otrs/otrs 4.0.1
otrs/otrs 4.0.2
otrs/otrs 4.0.3
otrs/otrs 4.0.4
otrs/otrs 4.0.5
otrs/otrs 4.0.6
otrs/otrs 4.0.7
... and 33 more
Published Dec 08, 2017
Tracked Since Feb 18, 2026