CVE-2017-17097

critical-risk
Published 2018-01-02

gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password. This is related to the use of gmdate for password creation in fn_connect.php.

Do I need to act?

!
36.9% chance of exploitation in next 30 days
EPSS score — higher than 63% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
43431
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (20)

Affected Vendors

Gps-Server

References (6)

Patch https://gist.github.com/pak0s/ea7a80c2614d9cd43cfb8230c65c9fec
Release Notes https://s1.gps-server.net/changelog.txt
Exploit https://www.exploit-db.com/exploits/43431/
Patch https://gist.github.com/pak0s/ea7a80c2614d9cd43cfb8230c65c9fec
Release Notes https://s1.gps-server.net/changelog.txt
Exploit https://www.exploit-db.com/exploits/43431/
71
/ 100
critical-risk
Severity 32/34 · Critical
Exploitability 16/34 · Moderate
Exposure 23/34 · High