Vulnerability CVE-2017-7444


Published: 2017-04-05

Description:
In Veritas System Recovery before 16 SP1, there is a DLL hijacking vulnerability in the patch installer if an attacker has write access to the directory from which the product is executed.

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Veritas -> System recovery 

 References:
http://www.securityfocus.com/bid/97483
https://www.veritas.com/content/support/en_US/security/VTS17-001.html#Issue1

Copyright 2024, cxsecurity.com

 

Back to Top