CVE-2017-17759

critical

Published 2017-12-19 · Modified 2026-05-13

CVSS v3

9.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

10.0

VIR risk

9.8

Description

Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration, or cause a denial of service (by deleting the configuration) via a wc.dll?wwMaint~EditConfig request (which reaches an older version of a West Wind Web Connection HTTP service).

Predictions

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact

Vendor	Product	Versions	Fixed
conarc	ichannel	`-`

References

http://www.information-paradox.net/2017/12/conarc-ichannel-unauthenticated.html
https://www.exploit-db.com/exploits/43377/
http://www.information-paradox.net/2017/12/conarc-ichannel-unauthenticated.html
https://www.exploit-db.com/exploits/43377/

Verify integrity in audit chain (admin only). AS-IS.