CVE-2017-17759
📋 TL;DR
CVE-2017-17759 is an unauthenticated remote vulnerability in Conarc iChannel that allows attackers to access sensitive information, modify system configuration, or cause denial of service by deleting configuration files. The vulnerability affects systems running older versions of West Wind Web Connection HTTP service. Any organization using vulnerable Conarc iChannel installations is at risk.
💻 Affected Systems
- Conarc iChannel
📦 What is this software?
iChannel by Conarc
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise including configuration destruction leading to permanent service disruption, data theft, and unauthorized system modification.
Likely Case
Unauthorized access to sensitive configuration data and potential service disruption through configuration manipulation.
If Mitigated
Limited impact with proper network segmentation and access controls preventing external exploitation.
🎯 Exploit Status
Exploit code is publicly available on Exploit-DB and other sources; exploitation requires only an HTTP request to the vulnerable endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: No official vendor advisory found
Restart Required: No
Instructions:
No official patch available. Consider upgrading to newer versions of West Wind Web Connection or implementing workarounds.
🔧 Temporary Workarounds
Block wc.dll requests
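Windows: Configure the web server or firewall to block requests to the wc.dll endpoint
# IIS URL Rewrite rule to abort wc.dll requests (needs the URL Rewrite module; the pattern is matched against the URL path without its leading slash or query string)
Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter 'system.webServer/rewrite/rules' -name '.' -value @{name='Block wc.dll'; patternSyntax='Wildcard'; stopProcessing='true'}
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/rewrite/rules/rule[@name='Block wc.dll']/match" -name 'url' -value '*wc.dll*'
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/rewrite/rules/rule[@name='Block wc.dll']/action" -name 'type' -value 'AbortRequest'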
Network access restriction
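Windows: Restrict access to the Conarc iChannel service to trusted networks only
# Windows Firewall rule example: block inbound HTTP/HTTPS from addresses Windows classifies as Internet (RemoteAddress takes keywords such as LocalSubnet, Intranet and Internet; it has no negated form)
New-NetFirewallRule -DisplayName 'Block iChannel External' -Direction Inbound -Protocol TCP -LocalPort 80,443 -RemoteAddress Internet -Action Block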
🧯 If You Can't Patch
- Isolate Conarc iChannel systems from internet access using network segmentation
- Implement strict access controls and monitor for wc.dll requests in web logs
🔍 How to Verify
Check if Vulnerable:
Send an HTTP GET request to http://target/wc.dll?wwMaint~EditConfig and check the response for exposed configuration data
Check Version:
Check the Conarc iChannel and West Wind Web Connection version information in the application interface or configuration files
Verify Fix Applied:
Verify that the wc.dll endpoint no longer responds to wwMaint~EditConfig requests, or that it returns access denied
📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing 'wc.dll?wwMaint~EditConfig' in web server logs
- Unauthorized configuration access attempts
Network Indicators:
- HTTP GET requests to wc.dll endpoint from untrusted sources
- Unusual configuration data in HTTP responses
SIEM Query:
source="web_server_logs" AND (uri="*wc.dll*wwMaint~EditConfig*" OR user_agent="*exploit*" OR (status_code=200 AND response_size>1000 AND uri="*wc.dll*"))
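The log indicator above, applied to IIS W3C logs, as an added example that is not part of the original advisory or any vendor tooling. It goes slightly beyond the single URL on this page by flagging any `wwMaint~` request to wc.dll and by normalizing case and URL encoding; the W3C field layout and the sample lines are constructed assumptions.

```python
"""Scan IIS W3C logs for wc.dll?wwMaint~ requests (added example)."""
from urllib.parse import unquote

# Constructed sample log, not real traffic; addresses are documentation/private ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time c-ip cs-username cs-method cs-uri-stem cs-uri-query sc-status sc-bytes
2018-01-05 10:01:12 10.0.0.15 CORP\\alice GET /ichannel/default.htm - 200 5120
2018-01-05 10:02:40 203.0.113.7 - GET /wc.dll wwMaint~EditConfig 200 8342
2018-01-05 10:02:55 203.0.113.7 - GET /WC.DLL wwmaint%7Eeditconfig 200 8342
2018-01-05 10:03:10 203.0.113.9 - GET /wc.dll wwMaint~EditConfig 403 310
2018-01-05 10:04:00 10.0.0.15 CORP\\alice GET /wc.dll Login~Show 200 2048
"""

def parse_w3c(text):
    """Yield one dict per request line, keyed by the latest #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def find_wwmaint_hits(text):
    """Return wc.dll requests whose query string invokes a wwMaint~ method."""
    hits = []
    for row in parse_w3c(text):
        # Decode and lowercase so %7E or mixed case does not slip past the match.
        stem = unquote(row.get("cs-uri-stem", "")).lower()
        query = unquote(row.get("cs-uri-query", "")).lower()
        if not stem.endswith("/wc.dll") or not query.startswith("wwmaint~"):
            continue
        status = row.get("sc-status", "")
        hits.append({
            "time": f'{row.get("date", "")} {row.get("time", "")}',
            "client": row.get("c-ip", ""),
            "method": query.split("&")[0],
            "status": status,
            # A 2xx answer to a client with no authenticated user means the page was served.
            "exposed": status.startswith("2") and row.get("cs-username", "-") == "-",
        })
    return hits

if __name__ == "__main__":
    for hit in find_wwmaint_hits(SAMPLE_LOG):
        label = "SERVED TO ANONYMOUS CLIENT" if hit["exposed"] else "not served anonymously"
        print(hit["time"], hit["client"], hit["method"], hit["status"], label)
```

Hits with `exposed` set are the ones to triage first, since the server answered the maintenance request without an authenticated user.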