CVE-2017-6315 — CRITICAL (9.8)

Vulnerability Description

Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sophos	Astaro Security Gateway Firmware	7.500
Sophos	Astaro Security Gateway	-

Related Weaknesses (CWE)

CWE-20

References

https://www.exploit-db.com/exploits/42726/Third Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/42726/Third Party AdvisoryVDB Entry

FAQ

What is CVE-2017-6315?

CVE-2017-6315 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx.

How severe is CVE-2017-6315?

CVE-2017-6315 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-6315?

Check the references section above for vendor advisories and patch information. Affected products include: Sophos Astaro Security Gateway Firmware, Sophos Astaro Security Gateway.