Kentico CMS RCE CVE-2017-17736 - Vulnerability Database

Kentico CMS RCE CVE-2017-17736

Description

Kentico CMS is an ASP.NET-based web content management system. Versions affected by CVE-2017-17736 expose the installation wizard within the deployed web application without proper access controls. This allows unauthenticated attackers to reinitialize the application and create a new administrative account with Global Administrator privileges, effectively bypassing all authentication mechanisms.

Remediation

Immediately restrict access to the Kentico installation wizard through one or more of the following methods:

1. Remove the installer files from production environments after initial deployment. Delete the installation directory (typically /CMSInstall/) from the web server.

2. Implement IP-based access restrictions in your web server configuration to block external access to installation paths:

<!-- IIS web.config example. Requires the "IP and Domain Restrictions" role service to be
     installed. The ipSecurity section is locked at server level by default, so either unlock
     it in applicationHost.config or place this rule in applicationHost.config itself.
     allowUnlisted="false" denies every client not explicitly listed below. -->
<location path="CMSInstall">
  <system.webServer>
    <security>
      <ipSecurity allowUnlisted="false">
        <add ipAddress="127.0.0.1" allowed="true" />
      </ipSecurity>
    </security>
  </system.webServer>
</location>

3. Upgrade to a patched version of Kentico CMS that addresses this vulnerability.

4. Monitor access logs for any unauthorized attempts to access /CMSInstall/ or related installation endpoints and investigate any suspicious activity immediately.
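For the log-monitoring step, an added example (not from this advisory or from Kentico) that parses IIS W3C access logs and flags requests under /CMSInstall/ from addresses outside an allow list; the log lines and the allow-listed networks are constructed for illustration.

```python
from collections import defaultdict
import ipaddress

# Constructed IIS W3C log excerpt for illustration; not real traffic.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2024-01-10 08:00:01 10.0.0.5 GET /default.aspx - 443 - 203.0.113.7 Mozilla/5.0 200
2024-01-10 08:00:05 10.0.0.5 GET /CMSInstall/install.aspx - 443 - 203.0.113.9 Mozilla/5.0 200
2024-01-10 08:00:07 10.0.0.5 POST /cmsinstall/install.aspx - 443 - 203.0.113.9 Mozilla/5.0 302
2024-01-10 08:01:00 10.0.0.5 GET /CMSInstall/install.aspx - 443 - 127.0.0.1 curl/8.0 200
2024-01-10 08:02:00 10.0.0.5 GET /CMSInstall/default.aspx - 443 - 203.0.113.9 Mozilla/5.0 403
"""

# Assumed: only localhost and an internal admin range may legitimately reach the installer.
ALLOWED = [ipaddress.ip_network("127.0.0.1/32"), ipaddress.ip_network("10.0.0.0/8")]
INSTALL_PREFIX = "/cmsinstall/"  # compared case-insensitively, as IIS paths are

def parse_w3c(text):
    """Yield one dict per request, using the column names from the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # drop truncated lines instead of misaligning columns
                yield dict(zip(fields, values))

def is_allowed(ip):
    return any(ipaddress.ip_address(ip) in net for net in ALLOWED)

def find_installer_access(text):
    """Map each non-allow-listed client IP to its (method, path, status) requests under /CMSInstall/."""
    hits = defaultdict(list)
    for rec in parse_w3c(text):
        if not rec["cs-uri-stem"].lower().startswith(INSTALL_PREFIX) or is_allowed(rec["c-ip"]):
            continue
        hits[rec["c-ip"]].append((rec["cs-method"], rec["cs-uri-stem"], rec["sc-status"]))
    return dict(hits)

def successful_writes(hits):
    """IPs whose POST to the installer was not rejected (status < 400): investigate these first."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(m == "POST" and int(s) < 400 for m, _, s in reqs))

if __name__ == "__main__":
    hits = find_installer_access(SAMPLE_LOG)
    print(hits, "\ninvestigate first:", successful_writes(hits))
```

A 403 on the installer path confirms the web.config restriction is working; a POST that returns 2xx or 3xx from an outside address means the wizard accepted input and the host should be treated as compromised until proven otherwise.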
