CVE-2017-9270 — Path Traversal in Cryptctl

Severity

9.1CRITICALNVD

CNA8.7

EPSS

0.5%

top 34.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMar 1

Latest updateMay 13

Description

In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database.

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

▶CVEListV5suse/cryptctlunspecified — 2.0

GHSA

GHSA-whc2-8cpp-f5cp: In cryptctl before version 2↗2022-05-13

▶

CVEList

post-auth arbitrary file write on cryptctl server↗2018-03-01

▶