CVE-2017-6445

Sažetak

The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely.

Reference

http://www.securityfocus.com/bid/96580
https://tech.feedyourhead.at/content/openelec-cve-2017-6445-revisited
https://tech.feedyourhead.at/content/openelec-remote-code-execution-vulnerability-through-man-in-the-middle

CVSS

Base:	7.6
Impact:	10.0
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:H/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

03-10-2019 - 00:03

Objavljeno

05-03-2017 - 20:59