{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T19:51:13.710","vulnerabilities":[{"cve":{"id":"CVE-2017-3141","sourceIdentifier":"security-officer@isc.org","published":"2019-01-16T20:29:00.503","lastModified":"2024-11-21T03:24:55.147","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1."},{"lang":"es","value":"El instalador de BIND en Windows emplea una ruta de servicio sin entrecomillar que puede permitir que un usuario local logre escalar privilegios si los permisos del sistema host de archivos lo permiten.  Afecta a BIND desde la versión 9.2.6-P2 hasta la 9.2.9, desde la 9.3.2-P1 hasta la 9.3.6, desde la 9.4.0 hasta la 9.8.8, desde la 9.9.0 hasta la 9.9.10, desde la 9.10.0 hasta la 9.10.5, desde la 9.11.0 hasta la 9.11.1, desde la 9.9.3-S1 hasta la 9.9.10-S1 y en la versión 9.10.5-S1."}],"metrics":{"cvssMetricV30":[{"source":"security-officer@isc.org","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.6,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-428"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionStartIncluding":"9.2.6","versionEndIncluding":"9.2.9","matchCriteriaId":"880FF52C-CE36-4DE2-8FF7-8FEFCA53854C"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionStartIncluding":"9.3.2","versionEndIncluding":"9.3.6","matchCriteriaId":"6756023D-C9EF-460D-A498-F9A3238B3570"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionStartIncluding":"9.4.0","versionEndIncluding":"9.8.8","matchCriteriaId":"343E9DD3-BBEA-4385-9A8E-0675BE74EC43"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionStartIncluding":"9.9.0","versionEndIncluding":"9.9.10","matchCriteriaId":"4D75A16E-2EB4-4A10-9B63-AC04755AC1E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionStartIncluding":"9.10.0","versionEndIncluding":"9.10.5","matchCriteriaId":"E8039263-E38B-40B2-B3AA-3673C0DD8318"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionStartIncluding":"9.11.0","versionEndIncluding":"9.11.1","matchCriteriaId":"A8E6E2D9-E137-498C-B175-1CA268B6E551"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:9.2.6:p2:*:*:*:*:*:*","matchCriteriaId":"16C74641-25F0-42CD-9523-5E026CCB716E"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:9.3.2:p1:*:*:*:*:*:*","matchCriteriaId":"6DC920B0-8C10-4C41-9AAD-C42AA4DF8368"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/99089","source":"security-officer@isc.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1038693","source":"security-officer@isc.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://kb.isc.org/docs/aa-01496","source":"security-officer@isc.org","tags":["Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201708-01","source":"security-officer@isc.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20180926-0001/","source":"security-officer@isc.org","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/42121/","source":"security-officer@isc.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/99089","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1038693","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://kb.isc.org/docs/aa-01496","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201708-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20180926-0001/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/42121/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}}]}