CVE-2017-10940

CVE Database · CVE-2017-10940

CVE-2017-10940

· N/AModified

CVSS v3.1

N/A

EPSS

5.42%

Published

Oct 31, 2017

Modified

May 12, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the docker API. The process does not properly validate user-supplied data which can allow for the upload of arbitrary files. An attacker can leverage this vulnerability to execute arbitrary code under the context of root. Was ZDI-CAN-3853.

Weaknesses (CWE)

CWE-22CWE-434

Affected Products (1)

joyent · triton_datacentervulnerable

References (6)

http://www.securityfocus.com/bid/99510

Third Party AdvisoryVDB Entry

https://help.joyent.com/hc/en-us/articles/115009649927-Security-Advisory-ZDI-CAN-3853-Docker-File-Overwrite-Vulnerability

Vendor Advisory

https://zerodayinitiative.com/advisories/ZDI-17-453

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/99510

Third Party AdvisoryVDB Entry

https://help.joyent.com/hc/en-us/articles/115009649927-Security-Advisory-ZDI-CAN-3853-Docker-File-Overwrite-Vulnerability

Vendor Advisory

https://zerodayinitiative.com/advisories/ZDI-17-453

KEV Catalog EPSS Scores Vendors All CVEs