Vulnerability Description
The function in init.php that checks whether the user is already logged in, in Interspire Email Marketer (IEM) prior to 6.1.6, allows remote attackers to bypass authentication and obtain administrative access by supplying the IEM_CookieLogin cookie with a specially crafted value.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Interspire | Email Marketer | <= 6.1.5 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2017/Oct/39 (Mailing List, Third Party Advisory)
- https://security.infoteam.ch/en/blog/posts/narrative-of-an-incident-response-fro (Broken Link)
- https://www.exploit-db.com/exploits/44513/ (Exploit, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2017-14322?
CVE-2017-14322 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The function in init.php that checks whether the user is already logged in, in Interspire Email Marketer (IEM) prior to 6.1.6, allows remote attackers to bypass authentication and obtain administrat...
How severe is CVE-2017-14322?
CVE-2017-14322 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-14322?
Check the references section above for vendor advisories and patch information. Affected products include: Interspire Email Marketer.