CVE-2017-17674

9.8 CRITICAL

📋 TL;DR

CVE-2017-17674 is a remote or local file inclusion vulnerability in BMC Remedy Mid Tier that allows attackers to read arbitrary files and make unauthorized requests from the server. It affects BMC Remedy Mid Tier 9.1SP3 installations, potentially exposing sensitive data and enabling further attacks.

💻 Affected Systems

Products:
  • BMC Remedy Mid Tier
Versions: 9.1SP3
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web interface component of BMC Remedy Mid Tier installations.

📦 What is this software?

BMC Remedy Mid Tier is the web front end of the BMC Remedy Action Request (AR) System: a Java web application that serves Remedy forms to browsers and relays user requests to the AR System server.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data exfiltration, and lateral movement within the network.

🟠 Likely Case

Server-side request forgery (SSRF) allowing internal network reconnaissance, port scanning, and potential data leakage through file inclusion.

🟢 If Mitigated

Limited information disclosure if proper network segmentation and access controls prevent external exploitation.

🌐 Internet-Facing: HIGH - Directly exploitable from the internet without authentication, enabling full attack chain.
🏢 Internal Only: HIGH - Even internally, this vulnerability can be leveraged for lateral movement and privilege escalation.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires minimal technical skill with publicly available proof-of-concept code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply patches referenced in BMC security advisory

Vendor Advisory: https://docs.bmc.com/docs/ars91/en/9-1-00-fixes-available-for-remedy-ar-system-security-vulnerabilities-800555806.html

Restart Required: Yes

Instructions:

1. Download the security patch from the BMC support portal.
2. Apply the patch according to BMC documentation.
3. Restart the Remedy Mid Tier service.
4. Verify the fix is applied.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Restrict access to BMC Remedy Mid Tier to trusted networks only.

Web Application Firewall Rules (applies to: all)

Implement WAF rules to block file inclusion patterns and SSRF attempts.

🧯 If You Can't Patch

  • Isolate the BMC Remedy Mid Tier server in a restricted network segment
  • Implement strict firewall rules to limit inbound connections to only necessary sources

🔍 How to Verify

Check if Vulnerable:

Check if running BMC Remedy Mid Tier 9.1SP3 without the security patch applied

Check Version:

Check the version in the Remedy Mid Tier administration interface or configuration files

Verify Fix Applied:

Verify patch installation through BMC administration console and test that file inclusion attempts are blocked

📡 Detection & Monitoring

Log Indicators:

  • Unusual file path requests in web server logs
  • Requests to internal IP addresses from the Mid Tier server

Network Indicators:

  • Outbound connections from Mid Tier server to unexpected internal services
  • Patterns of file inclusion attempts in HTTP traffic

SIEM Query:

source="web_server_logs" AND (url="*../../*" OR url="*file=*" OR url="*include=*")
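The log indicators and the SIEM query above turned into a small access-log scanner, added here as an example (not from this page or from BMC). It differs from the raw query in two ways a practitioner wants: it percent-decodes the URL before matching, so `%2e%2e%2f` and double-encoded traversal are caught, and it treats a `file=`/`include=` value that is itself a URL to a private address as the SSRF-to-internal-network indicator. Paths and log lines are constructed placeholders.

```python
import re
from ipaddress import ip_address
from urllib.parse import parse_qs, unquote, urlsplit
# Request portion of a common/combined access-log line: client, method, URL, status.
LOG_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")
SUSPECT_PARAMS = ("file", "include")  # the parameter names the page's SIEM query keys on

def fully_decode(value):
    # Peel percent-encoding until stable so %2e%2e%2f and double-encoded forms still match.
    while (decoded := unquote(value)) != value:
        value = decoded
    return value

def inspect_request(line):
    """Return (client, decoded_url, tags) when a line matches an indicator, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = fully_decode(m.group("url"))
    tags = []
    if TRAVERSAL_RE.search(url):
        tags.append("path-traversal")
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for name in SUSPECT_PARAMS:
        for value in query.get(name, []):
            parts = urlsplit(value)
            if parts.scheme:  # a URL where a file name is expected: remote inclusion / SSRF
                tags.append("remote-include")
                try:
                    if ip_address(parts.hostname or "").is_private:
                        tags.append("internal-target")
                except ValueError:
                    pass  # hostname rather than a literal IP
            elif value.startswith("/"):
                tags.append("absolute-path")  # OS path where an application file name is expected
    return (m.group("client"), url, tags) if tags else None

def scan_access_log(lines):
    """Run every line through the checks and keep only the findings."""
    return [hit for hit in map(inspect_request, lines) if hit]

# Constructed sample lines (placeholder paths under the Mid Tier context root, not real traffic).
SAMPLE_LOG = [
    '203.0.113.9 - - [01/Feb/2018:10:00:01 +0000] "GET /arsys/example?file=../../../../etc/passwd HTTP/1.1" 200 1024',
    '203.0.113.9 - - [01/Feb/2018:10:00:02 +0000] "GET /arsys/example?include=%252e%252e%252fWEB-INF%252fweb.xml HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Feb/2018:10:00:03 +0000] "GET /arsys/example?file=http://10.0.0.20:8080/ HTTP/1.1" 200 99',
    '10.0.0.6 - - [01/Feb/2018:10:00:04 +0000] "GET /arsys/forms/profile?file=report.txt HTTP/1.1" 200 300',
]
```

The benign last line shows why decoding and value inspection matter: the raw `url="*file=*"` clause alone would flag every legitimate `file=` parameter and still miss the double-encoded traversal.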
