Path Traversal Vulnerability in Parallels Remote Application Server
CVE-2017-9447

7.5HIGH

Key Information:

Vendor: Parallels
Status: Remote Application Server
Vendor: CVE Published:; 28 February 2018

What is CVE-2017-9447?

A vulnerability exists in the web interface of Parallels Remote Application Server (RAS) version 15.5 Build 16140 due to improper validation of file paths. This flaw allows a remote, unauthenticated attacker to exploit the system by using path traversal sequences, enabling them to read arbitrary files. Such unauthorized access can lead to potential data leakage and other security issues, necessitating immediate attention from affected users to mitigate the risk.

References

https://www.exploit-db.com/exploits/442321/

exploitx_refsource_EXPLOIT-DB

https://blog.runesec.com/2018/02/22/parallels-ras-path-tr...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 28, 2018
Vulnerability Reserved
Jun 5, 2017