CVE-2017-14475

State: PUBLISHED · Published: 2018-05-09 · Updated: 2024-09-16 · Assigner: talos

Description

In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.

CWE

(none)

Affected

Talos / MySql MMM — v=MMM 2.2.1 [affected]

CVSS

3.0 score=9.8 severity=CRITICAL CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501 x_refsource_MISC

Source

cvelistV5-main/cves/2017/14xxx/CVE-2017-14475.json