What is the severity of CVE-2018-7567?

CVE-2018-7567 is considered to be a serious vulnerability due to its potential for Blind Remote Code Execution.

How do I fix CVE-2018-7567?

To mitigate CVE-2018-7567, it is recommended to update OTRS to the latest stable version that addresses this vulnerability.

Who is affected by CVE-2018-7567?

CVE-2018-7567 affects authenticated administrators using OTRS versions 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1.

What type of vulnerability is CVE-2018-7567?

CVE-2018-7567 is classified as a Blind Remote Code Execution vulnerability.

What can an attacker do with CVE-2018-7567?

An attacker exploiting CVE-2018-7567 can execute arbitrary commands on the server by loading a malicious opm file.

Vulnerability/
CVE-2018-7567

critical

CWE

434

4/3/2018

5/8/2024

CVE-2018-7567: Malicious File Upload

First published: Sun Mar 04 2018(Updated: )

** DISPUTED ** In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. NOTE: the vendor disputes this issue stating "the behaviour is as designed and needed for different packages to be installed", "there is a security warning if the package is not verified by OTRS Group", and "there is the possibility and responsibility of an admin to check packages before installation which is possible as they are not binary."

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
OTRS	>=5.0.0<=5.0.23
OTRS	=6.0.0
OTRS	=6.0.1

Never miss a vulnerability like this again

Reference Links

https://0day.today/exploit/29938

Frequently Asked Questions

What is the severity of CVE-2018-7567?
CVE-2018-7567 is considered to be a serious vulnerability due to its potential for Blind Remote Code Execution.
How do I fix CVE-2018-7567?
To mitigate CVE-2018-7567, it is recommended to update OTRS to the latest stable version that addresses this vulnerability.
Who is affected by CVE-2018-7567?
CVE-2018-7567 affects authenticated administrators using OTRS versions 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1.
What type of vulnerability is CVE-2018-7567?
CVE-2018-7567 is classified as a Blind Remote Code Execution vulnerability.
What can an attacker do with CVE-2018-7567?
An attacker exploiting CVE-2018-7567 can execute arbitrary commands on the server by loading a malicious opm file.

agent/type
agent/references
agent/severity
agent/weakness
agent/author
agent/status
agent/softwarecombine
agent/description
collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/event
agent/last-modified-date
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/otrs
canonical/otrs
version/otrs/5.0.0
version/otrs/5.0.23
version/otrs/6.0.0
version/otrs/6.0.1
status/disputed

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.