CVE-2017-9447

HIGH

Parallels RAS 15.5 Build 16140 - Path Traversal

Title source: llm
STIX 2.1

Description

In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. A remote, unauthenticated attacker could exploit this weakness to read arbitrary files from the vulnerable system using path traversal sequences.

References (2)

Core 2
Core References
Broken Link exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/442321/
Exploit, Third Party Advisory x_refsource_misc
https://blog.runesec.com/2018/02/22/parallels-ras-path-traversal/

Scores

CVSS v3 7.5
EPSS 0.0205
EPSS Percentile 78.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
parallels/remote_application_server 15.5
Published Feb 28, 2018
Tracked Since Feb 18, 2026