CVE-2017-17384

nvd nist

Published: Dec 7, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job.

Affected (56)

Products: Ispconfig: Ispconfig

Ispconfig

1 product

Ispconfig

Configuration A

56 vulnerable

Vulnerable Software	Affected Versions
Ispconfig Ispconfig	Version 3.0.2.1
Ispconfig Ispconfig	Version 3.0.2.2
Ispconfig Ispconfig	Version 3.0.2.2 b1
Ispconfig Ispconfig	Version 3.0.2
Ispconfig Ispconfig	Version 3.0.3.1
Ispconfig Ispconfig	Version 3.0.3.1 rc1
Ispconfig Ispconfig	Version 3.0.3.1 rc2
Ispconfig Ispconfig	Version 3.0.3.2
Ispconfig Ispconfig	Version 3.0.3.2 rc1
Ispconfig Ispconfig	Version 3.0.3.3
Ispconfig Ispconfig	Version 3.0.3.3 rc1
Ispconfig Ispconfig	Version 3.0.3
Ispconfig Ispconfig	Version 3.0.3 b1
Ispconfig Ispconfig	Version 3.0.3 rc1
Ispconfig Ispconfig	Version 3.0.4.1
Ispconfig Ispconfig	Version 3.0.4.1 rc1
Ispconfig Ispconfig	Version 3.0.4.1 rc2
Ispconfig Ispconfig	Version 3.0.4.2
Ispconfig Ispconfig	Version 3.0.4.3
Ispconfig Ispconfig	Version 3.0.4.6
Ispconfig Ispconfig	Version 3.0.4.6 rc1
Ispconfig Ispconfig	Version 3.0.4
Ispconfig Ispconfig	Version 3.0.4 b1
Ispconfig Ispconfig	Version 3.0.5.1
Ispconfig Ispconfig	Version 3.0.5.2
Ispconfig Ispconfig	Version 3.0.5.3
Ispconfig Ispconfig	Version 3.0.5.4
Ispconfig Ispconfig	Version 3.0.5.4 b1
Ispconfig Ispconfig	Version 3.0.5.4 p1
Ispconfig Ispconfig	Version 3.0.5.4 p2
Ispconfig Ispconfig	Version 3.0.5.4 p3
Ispconfig Ispconfig	Version 3.0.5.4 p4
Ispconfig Ispconfig	Version 3.0.5.4 p5
Ispconfig Ispconfig	Version 3.0.5.4 p6
Ispconfig Ispconfig	Version 3.0.5.4 p7
Ispconfig Ispconfig	Version 3.0.5.4 p8
Ispconfig Ispconfig	Version 3.0.5.4 p9
Ispconfig Ispconfig	Version 3.0.5.4 rc1
Ispconfig Ispconfig	Version 3.0.5.4 rc2
Ispconfig Ispconfig	Version 3.0.5
Ispconfig Ispconfig	Version 3.0.5 alpha1
Ispconfig Ispconfig	Version 3.0.5 b1
Ispconfig Ispconfig	Version 3.0.5 rc1
Ispconfig Ispconfig	Version 3.0.5 rc2
Ispconfig Ispconfig	Version 3.1.1
Ispconfig Ispconfig	Version 3.1.1 p1
Ispconfig Ispconfig	Version 3.1.2
Ispconfig Ispconfig	Version 3.1.3
Ispconfig Ispconfig	Version 3.1.4
Ispconfig Ispconfig	Version 3.1.5
Ispconfig Ispconfig	Version 3.1.6
Ispconfig Ispconfig	Version 3.1.7
Ispconfig Ispconfig	Version 3.1.7 p1
Ispconfig Ispconfig	Version 3.1.8
Ispconfig Ispconfig	Version 3.1.8 p1
Ispconfig Ispconfig	Version 3.1

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://www.ispconfig.org/blog/ispconfig-3-1-9-released-important-security-update/

Source: cve@mitre.org

Issue TrackingPatchVendor Advisory

https://www.ispconfig.org/blog/ispconfig-3-1-9-released-important-security-update/

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchVendor Advisory

Timeline

No history available yet.