CVE-2017-6885 - OpenCVE

An error when handling certain external commands and services related to the FlexNet Inventory Agent and FlexNet Beacon of the Flexera Software FlexNet Manager Suite 2017 before 2017 R1 and 2014 R3 through 2016 R1 SP1 can be exploited to gain elevated privileges.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Flexerasoftware	Flexnet Manager Suite

Configuration 1 [-]

OR	cpe:2.3:a:flexerasoftware:flexnet_manager_suite:2014:::::::*
	cpe:2.3:a:flexerasoftware:flexnet_manager_suite:2015:::::::*
	cpe:2.3:a:flexerasoftware:flexnet_manager_suite:2016:::::::*
	cpe:2.3:a:flexerasoftware:flexnet_manager_suite:2017:::::::*

No data.

References

Link	Providers
https://secuniaresearch.flexerasoftware.com/advisories/76223/

History

No history.

MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2017-05-16T15:00:00

Updated: 2024-08-05T15:41:17.696Z

Reserved: 2017-03-14T00:00:00

Link: CVE-2017-6885

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-05-16T16:29:00.173

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-6885

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "FlexNet Manager Suite", "vendor": "Flexera Software LLC", "versions": [{"status": "affected", "version": "2017 prior to 2017 R1"}, {"status": "affected", "version": "2014 R3 through 2016 R1 SP1"}]}], "datePublic": "2017-04-18T00:00:00", "descriptions": [{"lang": "en", "value": "An error when handling certain external commands and services related to the FlexNet Inventory Agent and FlexNet Beacon of the Flexera Software FlexNet Manager Suite 2017 before 2017 R1 and 2014 R3 through 2016 R1 SP1 can be exploited to gain elevated privileges."}], "problemTypes": [{"descriptions": [{"description": "Privilege escalation by locally authenticated users", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-05-16T14:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://secuniaresearch.flexerasoftware.com/advisories/76223/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2017-6885", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FlexNet Manager Suite", "version": {"version_data": [{"version_value": "2017 prior to 2017 R1"}, {"version_value": "2014 R3 through 2016 R1 SP1"}]}}]}, "vendor_name": "Flexera Software LLC"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An error when handling certain external commands and services related to the FlexNet Inventory Agent and FlexNet Beacon of the Flexera Software FlexNet Manager Suite 2017 before 2017 R1 and 2014 R3 through 2016 R1 SP1 can be exploited to gain elevated privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Privilege escalation by locally authenticated users"}]}]}, "references": {"reference_data": [{"name": "https://secuniaresearch.flexerasoftware.com/advisories/76223/", "refsource": "MISC", "url": "https://secuniaresearch.flexerasoftware.com/advisories/76223/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:41:17.696Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://secuniaresearch.flexerasoftware.com/advisories/76223/"}]}]}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2017-6885", "datePublished": "2017-05-16T15:00:00", "dateReserved": "2017-03-14T00:00:00", "dateUpdated": "2024-08-05T15:41:17.696Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:flexerasoftware:flexnet_manager_suite:2014:*:*:*:*:*:*:*", "matchCriteriaId": "1893249B-393C-4138-A83E-94DBA1CAAF75", "vulnerable": true}, {"criteria": "cpe:2.3:a:flexerasoftware:flexnet_manager_suite:2015:*:*:*:*:*:*:*", "matchCriteriaId": "85F8EB93-DA69-42A1-93E1-DE97D58301E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:flexerasoftware:flexnet_manager_suite:2016:*:*:*:*:*:*:*", "matchCriteriaId": "6A77E6F8-A668-41B4-B12F-40F297EEDBBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:flexerasoftware:flexnet_manager_suite:2017:*:*:*:*:*:*:*", "matchCriteriaId": "7B4C52C7-6546-4272-926B-CADBED1E1AC1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An error when handling certain external commands and services related to the FlexNet Inventory Agent and FlexNet Beacon of the Flexera Software FlexNet Manager Suite 2017 before 2017 R1 and 2014 R3 through 2016 R1 SP1 can be exploited to gain elevated privileges."}, {"lang": "es", "value": "Un error al manejar ciertos comandos y servicios externos relacionados con el Inventory Agent y Beacon de FlexNet del Flexera Software FlexNet Manager Suite versiones 2017 anterior a 2017 R1 y versiones 2014 R3 hasta 2016 R1 SP1, pueden ser explotados para alcanzar privilegios elevados."}], "id": "CVE-2017-6885", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-16T16:29:00.173", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Permissions Required"], "url": "https://secuniaresearch.flexerasoftware.com/advisories/76223/"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}