CVE-2017-14322
published 2017-10-18

Priority: P2 · 75 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: available
EPSS: 36.50% (98.3rd percentile)
The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value.

Affected (1 range)

Vendor      Product         Version range   Fixed in
interspire  email_marketer  <= 6.1.5

Detection & IOCs (extracted from sources)

cookie  IEM_CookieLogin
cookie  IEMSESSIONID
path    init.php
url     ?Page=Settings&Tab=2
  • Monitor HTTP requests carrying the IEM_CookieLogin cookie with a crafted/non-standard value — this is the direct authentication bypass vector for CVE-2017-14322.
  • Alert on requests to ?Page=Settings&Tab=2 that carry a forged or injected IEMSESSIONID cookie, as the exploit uses this endpoint to dump sensitive application configuration after authentication bypass.
  • Look for unauthenticated or anomalous access to IEM admin settings pages (Page=Settings) combined with a newly set IEMSESSIONID cookie not preceded by a normal login flow.
  • Presence of output files application_settings_report.txt or privtlbl_settings_report.txt on disk may indicate post-exploitation data exfiltration activity from the IEM exploit.
  • The vulnerability exists specifically in init.php's login-check function; only Interspire Email Marketer versions prior to 6.1.6 are affected. Patched installations (6.1.6+) are not vulnerable.

CVSS provenance

Source  Version  Score  Severity  Vector
nvd     v3.0     9.8    CRITICAL  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd     v2.0     10.0   CRITICAL  AV:N/AC:L/Au:N/C:C/I:C/A:C