CVE-2017-9822

Description

DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."

How to fix CVE-2017-9822

To remediate CVE-2017-9822, upgrade the affected package to a fixed version below.

• NuGet/DotNetNuke.Core—upgrade to 9.1.1 or later

Is CVE-2017-9822 being exploited?

Yes — CVE-2017-9822 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.

Affected packages (1)

• from 0, < 9.1.1

CVSS scores

References (5)

• ADVISORYgithub.com/advisories/GHSA-x2rg-fmcv-crq5
• ADVISORYnvd.nist.gov/vuln/detail/CVE-2017-9822
• WEBpacketstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html
• WEBwww.dnnsoftware.com/community/security/security-center