CVE-2017-6554

Published: Apr 14, 2017Modified: May 13, 2026

7.2

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action.

Affected (2)

Products: Quest: Privilege Manager

Quest

1 product

Privilege Manager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Quest Privilege Manager	Version 6.0.0-27
Quest Privilege Manager	Version 6.0.0-50

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://packetstormsecurity.com/files/142095/Quest-Privilege-Manager-6.0.0-Arbitrary-File-Write.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/97686

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://0xdeadface.wordpress.com/2017/04/07/multiple-vulnerabilities-in-quest-privilege-manager-6-0-0-xx-cve-2017-6553-cve-2017-6554/

Source: cve@mitre.org

https://support.oneidentity.com/privilege-manager-for-unix/kb/SOL133824

Source: cve@mitre.org

https://www.exploit-db.com/exploits/41861/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/142095/Quest-Privilege-Manager-6.0.0-Arbitrary-File-Write.html