Vulnerability Description
Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrieve potentially sensitive configuration data without authentication.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- http://www.securitylab.ru/poc/486048.php
- https://blogs.securiteam.com/index.php/archives/3094
- https://cxsecurity.com/issue/WLB-2017050022
- https://exchange.xforce.ibmcloud.com/vulnerabilities/125646
- https://packetstormsecurity.com/files/142383
- https://www.exploit-db.com/exploits/41958/
- https://www.vulncheck.com/advisories/serviio-pro-rest-api-information-disclosure
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5404.php
FAQ
What is CVE-2017-20217?
CVE-2017-20217 is a vulnerability with a CVSS score of 7.5 (HIGH). Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive info...
How severe is CVE-2017-20217?
CVE-2017-20217 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-20217?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.