Communication Channel Errors

CVE-2017-1000197

High

9.8/10

Summary

October CMS up to build 412 is vulnerable to file path modification in asset move functionality resulting in creating malicious files on the server.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-417 - Communication Channel Errors

Weaknesses in this category are related to improper handling of communication channels and access paths. These weaknesses include problems in creating, managing, or removing alternate channels and alternate paths. Some of these can overlap virtual file problems and are commonly used in "bypass" attacks, such as those that exploit authentication errors.

References

Release Note
Pull request

Advisory Timeline

Published Nov 17, 2017

Communication Channel Errors

CVE-2017-1000197

Summary

CWE-417 - Communication Channel Errors

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS