VDB
CVE-2017-6590
CVE-2017-6590
PUBLISHED
An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it's easy to create one. Then, it's possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.
EPSS 0.10% · 26.7th percentile
Risk Scores
EPSS Score
0.10%
26.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | network-manager-applet | 0, 0.9.10.1-0ubuntu7, 1.0.4-0ubuntu1 |
| Ubuntu:14.04:LTS | network-manager-applet | 0.9.8.4-1ubuntu1, 0, 0.9.8.8-0ubuntu4.2 |
Exploit Intelligence
Timeline
- Mar 7, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-6590 third-party-advisory
- https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321 third-party-advisory
- https://www.ubuntu.com/usn/usn-3217-1/ third-party-advisory
- https://www.youtube.com/watch?v=Fp2lwRVg0l0 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-6590 third-party-advisory