A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P
Vendors Products
Solar-log
  • Solar-log 300
  • Solar-log 1200 Firmware
  • Solar-log 800e
  • Solar-log 2000
  • Solar-log 250 Firmware
  • Solar-log 500 Firmware
  • Solar-log 2000 Firmware
  • Solar-log 1000 Firmware
  • Solar-log 300 Firmware
  • Solar-log 500
  • Solar-log 1000 Pm\+ Firmware
  • Solar-log 1000 Pm\+
  • Solar-log 1200
  • Solar-log 800e Firmware
  • Solar-log 1000
  • Solar-log 250

Configuration 1 [-]

AND
OR cpe:2.3:o:solar-log:solar-log_250_firmware:2.8.4-56:*:*:*:*:*:*:*
cpe:2.3:o:solar-log:solar-log_250_firmware:3.5.2-85:*:*:*:*:*:*:*
cpe:2.3:h:solar-log:solar-log_250:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:o:solar-log:solar-log_300_firmware:2.8.4-56:*:*:*:*:*:*:*
cpe:2.3:o:solar-log:solar-log_300_firmware:3.5.2-85:*:*:*:*:*:*:*
cpe:2.3:h:solar-log:solar-log_300:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
OR cpe:2.3:o:solar-log:solar-log_500_firmware:2.8.4-56:*:*:*:*:*:*:*
cpe:2.3:o:solar-log:solar-log_500_firmware:3.5.2-85:*:*:*:*:*:*:*
cpe:2.3:h:solar-log:solar-log_500:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
OR cpe:2.3:o:solar-log:solar-log_800e_firmware:2.8.4-56:*:*:*:*:*:*:*
cpe:2.3:o:solar-log:solar-log_800e_firmware:3.5.2-85:*:*:*:*:*:*:*
cpe:2.3:h:solar-log:solar-log_800e:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
OR cpe:2.3:o:solar-log:solar-log_1000_firmware:2.8.4-56:*:*:*:*:*:*:*
cpe:2.3:o:solar-log:solar-log_1000_firmware:3.5.2-85:*:*:*:*:*:*:*
cpe:2.3:h:solar-log:solar-log_1000:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
OR cpe:2.3:o:solar-log:solar-log_1000_pm\+_firmware:2.8.4-56:*:*:*:*:*:*:*
cpe:2.3:o:solar-log:solar-log_1000_pm\+_firmware:3.5.2-85:*:*:*:*:*:*:*
cpe:2.3:h:solar-log:solar-log_1000_pm\+:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
OR cpe:2.3:o:solar-log:solar-log_1200_firmware:2.8.4-56:*:*:*:*:*:*:*
cpe:2.3:o:solar-log:solar-log_1200_firmware:3.5.2-85:*:*:*:*:*:*:*
cpe:2.3:h:solar-log:solar-log_1200:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
OR cpe:2.3:o:solar-log:solar-log_2000_firmware:2.8.4-56:*:*:*:*:*:*:*
cpe:2.3:o:solar-log:solar-log_2000_firmware:3.5.2-85:*:*:*:*:*:*:*
cpe:2.3:h:solar-log:solar-log_2000:-:*:*:*:*:*:*:*
References
Link Resource
http://seclists.org/fulldisclosure/2017/Mar/58 Exploit Mailing List Third Party Advisory
https://vuldb.com/?id.98931 Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: VulDB

Published: 2022-06-09T22:35:54

Updated: 2022-06-09T22:35:54

Reserved: 2022-06-05T00:00:00

Link: CVE-2017-20021

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2022-06-09T23:15:08.047

Modified: 2022-06-17T19:26:00.347

Link: CVE-2017-20021

JSON object: View

cve-icon Redhat Information

No data.

CWE