CVE-2017-9324 — Improper Privilege Management in Otrs

CWE-269 — Improper Privilege Management5 documents5 sources

Severity

8.8HIGHNVD

EPSS

1.4%

top 19.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Otrs2 Otrs Debian Linux

Timeline

PublishedJun 12

Latest updateMay 13

Description

In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶debiandebian/otrs2< otrs2 5.0.20-1 (bullseye)

▶NVDotrs/otrs3.3.0 — 3.3.16+2

Also affects: Debian Linux 8.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-6qr2-3mhf-p75w: In Open Ticket Request System (OTRS) 3↗2022-05-13

▶

OSV

CVE-2017-9324: In Open Ticket Request System (OTRS) 3↗2017-06-12

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS OTRS Installation Dialog (after auth) attempt↗2017-06-08

▶

📋Vendor Advisories

Debian

CVE-2017-9324: otrs2 - In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, a...↗2017

▶