CVE-2017-6590 — Vulnetix

Try Vulnetix Request Demo

CVE-2017-6590 PUBLISHED

An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it's easy to create one. Then, it's possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.

EPSS 0.03% · 8.6th percentile

Risk Scores

EPSS Score

0.03%

8.6th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	network-manager-applet	0, 0.9.10.1-0ubuntu7, 1.0.4-0ubuntu1
Ubuntu:14.04:LTS	network-manager-applet	0.9.8.8-0ubuntu4.2, 0, 0.9.8.8-0ubuntu4.4

Timeline

Mar 7, 2017 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 25, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Nov 1, 2022 EPSS Score
Jan 2, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2017-6590 third-party-advisory
https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321 third-party-advisory
https://www.ubuntu.com/usn/usn-3217-1/ third-party-advisory
https://www.youtube.com/watch?v=Fp2lwRVg0l0 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2017-6590 third-party-advisory

Open in Interactive Console →