Vulnerability Description
Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application. During a debugger-pause state, a local authenticated attacker can upload an arbitrary file and overwrite existing files within the scope of the affected application.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Skyboxsecurity | Skybox Manager Client Application | <= 8.5.500 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/101069Third Party AdvisoryVDB Entry
- https://lp.skyboxsecurity.com/rs/440-MPQ-510/images/Skybox_Product_Security_AdviVendor Advisory
- http://www.securityfocus.com/bid/101069Third Party AdvisoryVDB Entry
- https://lp.skyboxsecurity.com/rs/440-MPQ-510/images/Skybox_Product_Security_AdviVendor Advisory
FAQ
What is CVE-2017-14771?
CVE-2017-14771 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the appl...
How severe is CVE-2017-14771?
CVE-2017-14771 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-14771?
Check the references section above for vendor advisories and patch information. Affected products include: Skyboxsecurity Skybox Manager Client Application.