CVE-2017-16544
critical-risk
Published 2017-11-20
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.
Do I need to act?
~
3.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (20)
References (40)
Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2019-0013.html
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01
Third Party Advisory
https://usn.ubuntu.com/3935-1/
Third Party Advisory
https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulne...
and 20 more references
70
/ 100
critical-risk
Severity
30/34 · Critical
Exploitability
7/34 · Low
Exposure
33/34 · Critical