Multiple vulnerabilities in Kaspersky Anti-Virus for Linux File Server
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2017-9810 CVE-2017-9813 CVE-2017-9811 CVE-2017-9812 |
| CWE-ID | CWE-79 CWE-352 CWE-77 CWE-22 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. |
| Vulnerable software Subscribe |
Kaspersky Anti-Virus Client/Desktop applications / Antivirus software/Personal firewalls |
| Vendor | Kaspersky Lab |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Cross-site scripting
EUVDB-ID: #VU7233
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-9810
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: Yes
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability is caused by incorrect filtration of input data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim’s browser in security context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate to version 8.0.4.312.
Vulnerable software versionsKaspersky Anti-Virus: 8.0
External linkshttp://support.kaspersky.com/vulnerability.aspx?el=12430#280617
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Cross-site request forgery
EUVDB-ID: #VU7234
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-9813
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform CSRF attacks.
The vulnerability exists due to improper validation of HTML code from user-supplied input by the Web Management Console. A remote attacker can execute arbitrary scripting code that originate from the site running the Kaspersky Anti-Virus software and will run in the security context of that site and access the target user's cookies (including authentication cookies)
Successful exploitation of the vulnerability may result in cross-site request forgery conducting.Mitigation
Update to version 8.0.4.312.
Vulnerable software versionsKaspersky Anti-Virus: 8.0
External linkshttp://support.kaspersky.com/vulnerability.aspx?el=12430#280617
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Privilege escalation
EUVDB-ID: #VU7235
Risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-9811
CWE-ID:
CWE-77 - Command injection
Exploit availability: Yes
DescriptionThe disclosed vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to a flaw in the quarantine read and write operations. A local attacker with 'kluser' privileges can send a specially crafted input to execute arbitrary commands with root privileges.
Successful exploitation of the vulnerability may result in system compromise.Mitigation
Update to version 8.0.4.312.
Vulnerable software versionsKaspersky Anti-Virus: 8.0
External linkshttp://support.kaspersky.com/vulnerability.aspx?el=12430#280617
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Path traversal
EUVDB-ID: #VU7236
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-9812
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists due to a path traversal flaw in the Web Management Console. A remote attacker can send a specially crafted input and view files on the target system with the 'kluser' privileges.
Successful exploitation of the vulnerability may result in information disclosure.Mitigation
Update to version 8.0.4.312.
Vulnerable software versionsKaspersky Anti-Virus: 8.0
External linkshttp://support.kaspersky.com/vulnerability.aspx?el=12430#280617
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
