CVE-2017-11610 — Vulnetix

Try Vulnetix Request Demo

CVE-2017-11610 PUBLISHED

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.

EPSS 93.83% · 99.9th percentile

Risk Scores

EPSS Score

93.83%

99.9th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	supervisor	3.2.0-2ubuntu0.1, 3.2.0-1, 3.2.0-2
Ubuntu:14.04:LTS	supervisor	3.0b2-1, 0

Timeline

Jan 19, 1970 VulnCheck XDB Entry
Jan 19, 1970 VulnCheck XDB Entry
Aug 23, 2017 CVE Published
Sep 25, 2017 PoC Published
Sep 25, 2017 PoC Published
May 29, 2018 PoC Published
Oct 9, 2020 PoC Published
Apr 8, 2021 VulnCheck KEV Exploitation
Apr 14, 2021 EPSS Score
Apr 22, 2021 VulnCheck KEV Exploitation
Apr 24, 2021 VulnCheck KEV Exploitation
Jun 22, 2021 EPSS Score

References

https://ubuntu.com/security/CVE-2017-11610 third-party-advisory
https://github.com/Supervisor/supervisor/issues/964 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2017-11610 third-party-advisory

Open in Interactive Console →