Detections
Analytics
Kentico CMS < 9.0.51 / 10.x < 10.0.48 Access Control Bypass
critical Web App Scanning Plugin ID 98994
Language:
Synopsis
Kentico CMS < 9.0.51 / 10.x < 10.0.48 Access Control BypassDescription
Kentico CMS is a common ASP.NET Content Management System (CMS) used for building websites and online stores.Kentico CMS versions before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to gain Global Administrator access by visiting CMSInstall/install.aspx and then browsing the CMS Administration Dashboard.
Solution
Upgrade to patched versions 9.0.51 or 10.0.48. An immediate fix is to restrict access to the /CMSInstall/install.aspx page in the web.config file.See Also
http://devnet.kentico.com/download/hotfixes
https://blog.hivint.com/advisory-access-control-bypass-in-kentico-cms-cve-2017-17736-49e1e43ae55b
Plugin Details
Severity: Critical
ID: 98994
Type: remote
Family: Component Vulnerability
Published: 4/3/2020
Updated: 9/7/2021
Scan Template: api, basic, full, pci, scan
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2017-17736
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score Source: CVE-2017-17736
Vulnerability Information
CPE: cpe:2.3:a:kentico:kentico:*:*:*:*:*:*:*:*
Exploit Available: true
Exploit Ease: Exploits are available
Reference Information
CVE: CVE-2017-17736
CWE: 425
OWASP: 2010-A4, 2013-A4, 2013-A9, 2017-A5, 2017-A9, 2021-A1, 2021-A6
WASC: Predictable Resource Location
DISA STIG: APSC-DV-002560, APSC-DV-002630
HIPAA: 164.306(a)(1), 164.306(a)(2), 164.312(a)(1), 164.312(a)(2)(i)
ISO: 27001-A.13.1.1, 27001-A.14.1.2, 27001-A.14.1.3, 27001-A.14.2.5, 27001-A.18.1.3, 27001-A.6.2.2, 27001-A.9.1.2, 27001-A.9.4.1, 27001-A.9.4.4, 27001-A.9.4.5
NIST: sp800_53-AC-3, sp800_53-CM-6b
OWASP API: 2019-API7, 2023-API8
OWASP ASVS: 4.0.2-14.2.1