MagniComp SysInfo Privilege Escalation Vulnerability (Linux/UNIX)

High Nessus Plugin ID 117705

Synopsis

MagniComp SysInfo installation is missing one or more security updates.

Description

The version of MagniComp SysInfo installed on the remote host is prior to 10-H64. It is, therefore, affected by a privilege escalation vulnerability.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to version 10-H64 or later.

See Also

http://www.magnicomp.com/support/cve/CVE-2017-6516.shtml

Plugin Details

Severity: High

ID: 117705

File Name: magnicomp_sysinfo_CVE-2017-6516.nasl

Version: 1.2

Type: local

Family: Misc.

Published: 2018/09/25

Modified: 2018/09/27

Dependencies: 117706

Risk Information

Risk Factor: High

CVSS Score Source: CVE-2017-6516

CVSSv2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSSv3

Base Score: 6.7

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: x-cpe:/a:magnicomp:sysinfo

Required KB Items: installed_sw/MagniComp SysInfo

Excluded KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/08/23

Vulnerability Publication Date: 2016/06/23

Exploitable With

Metasploit (MagniComp SysInfo mcsiwrapper Privilege Escalation)

Reference Information

CVE: CVE-2017-6516

BID: 96934

EDB-ID: 44150