Home
Mapping Frameworks
Known Exploited Vulnerabilities Home
DotNetNuke (DNN) Remote Code Execution Vulnerability

Known Exploited Vulnerabilities CVE-2017-9822

DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name	Notes
CVE-2017-9822	DotNetNuke (DNN) Remote Code Execution Vulnerability	secondary_impact	T1496	Resource Hijacking	Comments CVE-2017-9822 is a vulnerability allows an attacker to exploit cookie deserialization, leading to remote code execution (RCE). It has been noted for its potential impact on various web applications References https://www.bleepingcomputer.com/news/security/-zealot-campaign-uses-nsa-exploits-to-mine-monero-on-windows-and-linux-servers/ https://media.defense.gov/2019/Jul/16/2002157839/-1/-1/0/CSA-DOTNETNUKE.PDF
CVE-2017-9822	DotNetNuke (DNN) Remote Code Execution Vulnerability	primary_impact	T1059	Command and Scripting Interpreter	Comments CVE-2017-9822 is a vulnerability allows an attacker to exploit cookie deserialization, leading to remote code execution (RCE). It has been noted for its potential impact on various web applications References https://www.bleepingcomputer.com/news/security/-zealot-campaign-uses-nsa-exploits-to-mine-monero-on-windows-and-linux-servers/ https://media.defense.gov/2019/Jul/16/2002157839/-1/-1/0/CSA-DOTNETNUKE.PDF
CVE-2017-9822	DotNetNuke (DNN) Remote Code Execution Vulnerability	exploitation_technique	T1190	Exploit Public-Facing Application	Comments CVE-2017-9822 is a vulnerability allows an attacker to exploit cookie deserialization, leading to remote code execution (RCE). It has been noted for its potential impact on various web applications References https://www.bleepingcomputer.com/news/security/-zealot-campaign-uses-nsa-exploits-to-mine-monero-on-windows-and-linux-servers/ https://media.defense.gov/2019/Jul/16/2002157839/-1/-1/0/CSA-DOTNETNUKE.PDF