CVE-2017-13779CVE-2017-13779

Affected configuration(s):

cpe:/a:gtsn:india_goods_and_services_tax_network_offline_utility_tool:1.1

Date published: 2017-09-14T02:29:03.483-04:00

Date last modified: 2017-09-27T14:07:27.887-04:00

CVSS Score: 7.2

Principal attack vector: LOCAL

Complexity:  LOW

Reference URL: https://tink2hack.blogspot.in/2017/09/writeup-of-cve-2017-13779-remote.html

Summary: GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the “C:GST Offline Tool” directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript code. For example, a local user could create VBScript code for a TCP reverse shell, and use that later for Remote Command Execution.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.