Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-jhxm-379u-subt
Vulnerability ID VCID-jhxm-379u-subt
Aliases CVE-2017-7466
GHSA-3m8p-xpm6-8ww3
PYSEC-2018-40
Summary Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-20 Improper Input Validation
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 8.0 https://access.redhat.com/errata/RHSA-2017:1244
cvssv4 8.6 https://access.redhat.com/errata/RHSA-2017:1244
generic_textual HIGH https://access.redhat.com/errata/RHSA-2017:1244
cvssv3.1 8.0 https://access.redhat.com/errata/RHSA-2017:1334
cvssv4 8.6 https://access.redhat.com/errata/RHSA-2017:1334
generic_textual HIGH https://access.redhat.com/errata/RHSA-2017:1334
cvssv3.1 8.0 https://access.redhat.com/errata/RHSA-2017:1476
cvssv4 8.6 https://access.redhat.com/errata/RHSA-2017:1476
generic_textual HIGH https://access.redhat.com/errata/RHSA-2017:1476
cvssv3.1 8.0 https://access.redhat.com/errata/RHSA-2017:1499
cvssv4 8.6 https://access.redhat.com/errata/RHSA-2017:1499
generic_textual HIGH https://access.redhat.com/errata/RHSA-2017:1499
cvssv3.1 8.0 https://access.redhat.com/errata/RHSA-2017:1599
cvssv4 8.6 https://access.redhat.com/errata/RHSA-2017:1599
generic_textual HIGH https://access.redhat.com/errata/RHSA-2017:1599
cvssv3.1 8.0 https://access.redhat.com/errata/RHSA-2017:1685
cvssv4 8.6 https://access.redhat.com/errata/RHSA-2017:1685
generic_textual HIGH https://access.redhat.com/errata/RHSA-2017:1685
cvssv3 8.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7466.json
epss 0.02741 https://api.first.org/data/v1/epss?cve=CVE-2017-7466
epss 0.02741 https://api.first.org/data/v1/epss?cve=CVE-2017-7466
epss 0.02741 https://api.first.org/data/v1/epss?cve=CVE-2017-7466
epss 0.02741 https://api.first.org/data/v1/epss?cve=CVE-2017-7466
epss 0.02741 https://api.first.org/data/v1/epss?cve=CVE-2017-7466
epss 0.02741 https://api.first.org/data/v1/epss?cve=CVE-2017-7466
epss 0.02741 https://api.first.org/data/v1/epss?cve=CVE-2017-7466
epss 0.02741 https://api.first.org/data/v1/epss?cve=CVE-2017-7466
epss 0.02741 https://api.first.org/data/v1/epss?cve=CVE-2017-7466
epss 0.02741 https://api.first.org/data/v1/epss?cve=CVE-2017-7466
epss 0.02741 https://api.first.org/data/v1/epss?cve=CVE-2017-7466
epss 0.03313 https://api.first.org/data/v1/epss?cve=CVE-2017-7466
epss 0.03313 https://api.first.org/data/v1/epss?cve=CVE-2017-7466
epss 0.03313 https://api.first.org/data/v1/epss?cve=CVE-2017-7466
epss 0.03313 https://api.first.org/data/v1/epss?cve=CVE-2017-7466
cvssv3.1 8.0 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466
cvssv4 8.6 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-3m8p-xpm6-8ww3
cvssv3.1 8.0 https://github.com/ansible/ansible
cvssv4 8.6 https://github.com/ansible/ansible
generic_textual HIGH https://github.com/ansible/ansible
cvssv3.1 8.0 https://github.com/ansible/ansible/commit/0d418789a298561fded9bce977d34babc9097079
cvssv4 8.6 https://github.com/ansible/ansible/commit/0d418789a298561fded9bce977d34babc9097079
generic_textual HIGH https://github.com/ansible/ansible/commit/0d418789a298561fded9bce977d34babc9097079
cvssv3.1 8.0 https://github.com/ansible/ansible/commit/7ff9fa52cfcef2065f0db80d85dd94b9b754839c
cvssv4 8.6 https://github.com/ansible/ansible/commit/7ff9fa52cfcef2065f0db80d85dd94b9b754839c
generic_textual HIGH https://github.com/ansible/ansible/commit/7ff9fa52cfcef2065f0db80d85dd94b9b754839c
cvssv3.1 8.0 https://github.com/ansible/ansible/issues/24186
cvssv4 8.6 https://github.com/ansible/ansible/issues/24186
generic_textual HIGH https://github.com/ansible/ansible/issues/24186
cvssv3.1 8.0 https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-40.yaml
cvssv4 8.6 https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-40.yaml
generic_textual HIGH https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-40.yaml
cvssv2 8.5 https://nvd.nist.gov/vuln/detail/CVE-2017-7466
cvssv3 8.0 https://nvd.nist.gov/vuln/detail/CVE-2017-7466
cvssv3.1 8.0 https://nvd.nist.gov/vuln/detail/CVE-2017-7466
cvssv4 8.6 https://nvd.nist.gov/vuln/detail/CVE-2017-7466
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2017-7466
cvssv3.1 8.0 https://web.archive.org/web/20170701161323/http://www.securityfocus.com/bid/97595
cvssv4 8.6 https://web.archive.org/web/20170701161323/http://www.securityfocus.com/bid/97595
generic_textual HIGH https://web.archive.org/web/20170701161323/http://www.securityfocus.com/bid/97595
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2017:1244
https://access.redhat.com/errata/RHSA-2017:1334
https://access.redhat.com/errata/RHSA-2017:1476
https://access.redhat.com/errata/RHSA-2017:1499
https://access.redhat.com/errata/RHSA-2017:1599
https://access.redhat.com/errata/RHSA-2017:1685
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7466.json
https://api.first.org/data/v1/epss?cve=CVE-2017-7466
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7466
https://github.com/ansible/ansible
https://github.com/ansible/ansible/commit/0d418789a298561fded9bce977d34babc9097079
https://github.com/ansible/ansible/commit/7ff9fa52cfcef2065f0db80d85dd94b9b754839c
https://github.com/ansible/ansible/issues/24186
https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-40.yaml
https://web.archive.org/web/20170701161323/http://www.securityfocus.com/bid/97595
http://www.securityfocus.com/bid/97595
1439212 https://bugzilla.redhat.com/show_bug.cgi?id=1439212
cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*
CVE-2017-7466 https://nvd.nist.gov/vuln/detail/CVE-2017-7466
GHSA-3m8p-xpm6-8ww3 https://github.com/advisories/GHSA-3m8p-xpm6-8ww3
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2017:1244
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://access.redhat.com/errata/RHSA-2017:1244
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2017:1334
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://access.redhat.com/errata/RHSA-2017:1334
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2017:1476
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://access.redhat.com/errata/RHSA-2017:1476
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2017:1499
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://access.redhat.com/errata/RHSA-2017:1499
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2017:1599
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://access.redhat.com/errata/RHSA-2017:1599
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2017:1685
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://access.redhat.com/errata/RHSA-2017:1685
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7466.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/ansible/ansible
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible/commit/0d418789a298561fded9bce977d34babc9097079
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/ansible/ansible/commit/0d418789a298561fded9bce977d34babc9097079
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible/commit/7ff9fa52cfcef2065f0db80d85dd94b9b754839c
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/ansible/ansible/commit/7ff9fa52cfcef2065f0db80d85dd94b9b754839c
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/ansible/ansible/issues/24186
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/ansible/ansible/issues/24186
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-40.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-40.yaml
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2017-7466
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-7466
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-7466
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2017-7466
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20170701161323/http://www.securityfocus.com/bid/97595
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://web.archive.org/web/20170701161323/http://www.securityfocus.com/bid/97595
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.85915
EPSS Score 0.02741
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:41:44.950886+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/ansible/PYSEC-2018-40.yaml 38.0.0