Vulnerability Description
DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by exploiting CVE-2017-14706. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Denyall | I-Suite | 5.5.0 |
| Denyall | Web Application Firewall | 5.7.0 |
Related Weaknesses (CWE)
References
- https://github.com/rapid7/metasploit-framework/pull/8980ExploitThird Party Advisory
- https://pentest.blog/advisory-denyall-web-application-firewall-unauthenticated-rExploitTechnical DescriptionThird Party Advisory
- https://www.denyall.com/blog/advisories/advisory-unauthenticated-remote-code-exeVendor Advisory
- https://github.com/rapid7/metasploit-framework/pull/8980ExploitThird Party Advisory
- https://pentest.blog/advisory-denyall-web-application-firewall-unauthenticated-rExploitTechnical DescriptionThird Party Advisory
- https://www.denyall.com/blog/advisories/advisory-unauthenticated-remote-code-exeVendor Advisory
FAQ
What is CVE-2017-14705?
CVE-2017-14705 is a vulnerability with a CVSS score of 8.1 (HIGH). DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webserv...
How severe is CVE-2017-14705?
CVE-2017-14705 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-14705?
Check the references section above for vendor advisories and patch information. Affected products include: Denyall I-Suite, Denyall Web Application Firewall.