Kaspersky Anti-Virus For Linux Server vulnerabilities
4 known vulnerabilities affecting kaspersky/anti-virus_for_linux_server.
Total CVEs: 4
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2017-9811 | P2 | CRITICAL | CVSS 9.8 | PoC | ≤ 8.0.3.297 | 2017-07-17
CVE-2017-9811 [CRITICAL] CWE-20
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root.
nvd
CVE-2017-9812 | P2 | HIGH | CVSS 7.5 | PoC | ≤ 8.0.3.297 | 2017-07-17
CVE-2017-9812 [HIGH] CWE-200
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges.
nvd
CVE-2017-9810 | P3 | HIGH | CVSS 8.8 | PoC | ≤ 8.0.3.297 | 2017-07-17
CVE-2017-9810 [HIGH] CWE-352
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.
nvd
CVE-2017-9813 | P3 | MEDIUM | CVSS 6.1 | PoC | ≤ 8.0.3.297 | 2017-07-17
CVE-2017-9813 [MEDIUM] CWE-79
In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS).
nvd