CVE-2017-9606

HIGH

Infotecs ViPNet Client and Coordinator <4.3.2-42442 - Privilege Escalation via Trojan Update

Title source: llm

Description

Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks.

Exploits (1)

nomisec WRITEUP

by Houl777 · poc

https://github.com/Houl777/CVE-2017-9606

View Code ZIP pw:eip

References (1)

[Third Party Advisory] https://github.com/Houl777/CVE-2017-9606

Scores

CVSS v3 7.3

EPSS 0.0002

EPSS Percentile 6.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-345 CWE-354 CWE-732

Status published

Products (2)

infotecs/vipnet_client < 4.3.1

infotecs/vipnet_coordinator < 4.3.1

Published Jun 15, 2017

Tracked Since Feb 18, 2026