Vulnerability CVE-2018-7567

Vulnerability Name:

CVE-2018-7567 (CCN-139841)

Assigned:

2018-03-03

Published:

2018-03-03

Updated:

2018-03-29

Summary:

** DISPUTED ** In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation.
Note: the vendor disputes this issue stating "the behaviour is as designed and needed for different packages to be installed", "there is a security warning if the package is not verified by OTRS Group", and "there is the possibility and responsibility of an admin to check packages before installation which is possible as they are not binary."

CVSS v3 Severity:

7.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
6.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.2 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
6.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-434

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2018-7567

Source: MISC
Type: Exploit, Third Party Advisory
https://0day.today/exploit/29938

Source: XF
Type: UNKNOWN
otrs-cve20187567-cmd-exec(139841)

Source: CCN
Type: Packet Storm Security [03-03-2018]
OTRS Command Injection

Source: CCN
Type: OTRS Web site
Open Ticket Request System (OTRS)

Vulnerable Configuration:

Configuration 1:

cpe:/a:otrs:otrs:*:*:*:*:*:*:*:* (Version >= 5.0.0 and <= 5.0.23)

OR cpe:/a:otrs:otrs:6.0.0:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:6.0.1:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:otrs:otrs:5.0.24:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:6.0.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.ubuntu.xenial:def:201875670000000	V	CVE-2018-7567 on Ubuntu 16.04 LTS (xenial) - high.	2018-03-04
oval:com.ubuntu.artful:def:20187567000	V	CVE-2018-7567 on Ubuntu 17.10 (artful) - high.	2018-03-04
oval:com.ubuntu.xenial:def:20187567000	V	CVE-2018-7567 on Ubuntu 16.04 LTS (xenial) - high.	2018-03-04
oval:com.ubuntu.disco:def:201875670000000	V	CVE-2018-7567 on Ubuntu 19.04 (disco) - high.	2018-03-04
oval:com.ubuntu.bionic:def:20187567000	V	CVE-2018-7567 on Ubuntu 18.04 LTS (bionic) - high.	2018-03-04
oval:com.ubuntu.cosmic:def:201875670000000	V	CVE-2018-7567 on Ubuntu 18.10 (cosmic) - high.	2018-03-04
oval:com.ubuntu.cosmic:def:20187567000	V	CVE-2018-7567 on Ubuntu 18.10 (cosmic) - high.	2018-03-04
oval:com.ubuntu.bionic:def:201875670000000	V	CVE-2018-7567 on Ubuntu 18.04 LTS (bionic) - high.	2018-03-04
oval:com.ubuntu.trusty:def:20187567000	V	CVE-2018-7567 on Ubuntu 14.04 LTS (trusty) - high.	2018-03-04

BACK