CVE-2017-13779

Published: Sep 14, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript code. For example, a local user could create VBScript code for a TCP reverse shell, and use that later for Remote Command Execution.

Affected (1)

Products: Gstn: India Goods And Services Tax Network Offline Utility Tool

1 product

India Goods And Services Tax Network Offline Utility Tool

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gstn India Goods And Services Tax Network Offline Utility Tool	Up to 1.1

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://tink2hack.blogspot.in/2017/09/writeup-of-cve-2017-13779-remote.html

Source: cve@mitre.org

ExploitTechnical DescriptionThird Party Advisory

https://tink2hack.blogspot.in/2017/09/writeup-of-cve-2017-13779-remote.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

Timeline

No history available yet.