VDB
CVE-2017-15108
CVE-2017-15108
PUBLISHED
spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.
EPSS 0.14% · 34.4th percentile
Risk Scores
EPSS Score
0.14%
34.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | spice-vdagent | 0.17.0-1ubuntu1, 0 |
| Ubuntu:16.04:LTS | spice-vdagent | 0, 0.15.0-1.3 |
Timeline
- Jan 20, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Dec 30, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-15108 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-15108 third-party-advisory