Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-8051OS Command Injection in Appliance

CWE-78OS Command Injection4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
53.1%
top 2.03%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Tenable Appliance
Timeline
PublishedApr 21
Latest updateMay 13

Description

Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDtenable/appliance11 versions+10

Patches

Patch: www.tenable.comPatch: www.tenable.com

🔴Vulnerability Details

2
GHSA
GHSA-qr49-hq7w-3936: Tenable Appliance 32022-05-13
CVEList
CVE-2017-8051: Tenable Appliance 32017-04-21

💥Exploits & PoCs

1
Exploit-DB
Tenable Appliance < 4.5 - Root Remote Code Execution2017-04-18
CVE-2017-8051 — OS Command Injection in Appliance | cvebase