CVE-2017-9812

HIGH

Kaspersky Anti-Virus for Linux File Server < 8.0.3.297 - Arbitrary File Read via getReportStatus reportId Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-9812. PoCs published by Core Security.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in Kaspersky Anti-Virus for Linux File Server's Web Management Console, allowing remote command execution as the 'kluser' account. It also describes a privilege escalation to root via the quarantine functionality.

Description

The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textwebappslinux

https://www.exploit-db.com/exploits/42269

View Code ZIP pw:eip

This exploit demonstrates a CSRF vulnerability in Kaspersky Anti-Virus for Linux File Server's Web Management Console, allowing remote command execution as the 'kluser' account. It also describes a privilege escalation to root via the quarantine functionality.

Classification

Working Poc 95%

Attack Type

Rce | Lpe

Complexity

Moderate

Reliability

Reliable

Target: Kaspersky Anti-Virus for Linux File Server 8.0.3.297

Auth required

Prerequisites: Authenticated session to the Web Management Console · Network access to the target server

MITRE ATT&CK