Kentico CMS < 9.0.51 / 10.x < 10.0.48 Access Control Bypass

critical Web App Scanning Plugin ID 98994

Synopsis

Kentico CMS < 9.0.51 / 10.x < 10.0.48 Access Control Bypass

Description

Kentico CMS is a common ASP.NET Content Management System (CMS) used for building websites and online stores.

Kentico CMS versions before 9.0.51 and 10.x versions before 10.0.48 allow remote attackers to gain Global Administrator access by visiting CMSInstall/install.aspx and then browsing to the CMS Administration Dashboard.

Solution

Upgrade to patched version 9.0.51 (for 9.x) or 10.0.48 (for 10.x). As an immediate mitigation, restrict access to the /CMSInstall/install.aspx page in the web.config file.
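The following web.config fragment is an added example of the interim mitigation described above; it is not Kentico's own configuration or part of the original advisory. It uses standard ASP.NET URL authorization inside a `<location>` element to deny every user access to the installer page named on this page. Applying it assumes the site runs under ASP.NET (the `.aspx` handler), and it is a stopgap only until the patched version is deployed.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <!-- Scope the rule to the installer page only; the path is the one named in the advisory. -->
  <location path="CMSInstall/install.aspx">
    <system.web>
      <authorization>
        <!-- Deny all users (anonymous and authenticated) so the installer cannot be reached at all. -->
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Rest of the site's existing configuration is unchanged. -->
</configuration>
```

After applying the change, confirm the mitigation by requesting `/CMSInstall/install.aspx` as an unauthenticated client and checking that the server no longer serves the installer (an HTTP 401 or a redirect to the login page is expected). Unexpected requests for this path in the IIS logs are also worth alerting on, since legitimate traffic to the installer should not occur on a deployed site.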

See Also

http://devnet.kentico.com/download/hotfixes

https://blog.hivint.com/advisory-access-control-bypass-in-kentico-cms-cve-2017-17736-49e1e43ae55b

Plugin Details

Severity: Critical

ID: 98994

Type: remote

Published: 4/3/2020

Updated: 9/7/2021

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-17736

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS Score Source: CVE-2017-17736

Vulnerability Information

CPE: cpe:2.3:a:kentico:kentico:*:*:*:*:*:*:*:*

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2017-17736