CVE-2017-14480

Published: May 9, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.

Affected (1)

Products: Mysql Mmm: Mysql Multi Master Replication Manager

1 product

Mysql Multi Master Replication Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mysql Mmm Mysql Multi Master Replication Manager	Version 2.2.1

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501

Source: talos-cna@cisco.com

ExploitTechnical DescriptionThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

Timeline

No history available yet.