CVE-2017-8916

HIGH

CIS-CAT Pro Dashboard <1.0.4 - Privilege Escalation

Title source: llm

Description

In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://www.cisecurity.org/cis-security-updates/incorrect-access-control-cve-2017-8916/

Scores

CVSS v3 7.8

EPSS 0.0028

EPSS Percentile 19.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-640

Status published

Products (4)

cisecurity/cis-cat_pro_dashboard 1.0.0

cisecurity/cis-cat_pro_dashboard 1.0.1

cisecurity/cis-cat_pro_dashboard 1.0.2

cisecurity/cis-cat_pro_dashboard 1.0.3

Published Jan 31, 2018

Tracked Since Feb 18, 2026