
exploitDog


CVE-2021-27197

Published: 12 Feb 2021
Source: nvd
CVSS3: 8.1
CVSS2: 8.8
EPSS: Low

Description

DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn't check if it's being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page (e.g., with "OBJECT classid=" and "

Vulnerable configurations

Configuration 1
cpe:2.3:a:pelco:digital_sentry_server:*:*:*:*:*:*:*:*
Versions before 7.19.67 (excluding)

EPSS

Percentile: 52%
0.00295
Low

8.1 High

CVSS3

8.8 High

CVSS2

Weaknesses

CWE-346

Related vulnerabilities

github
more than 3 years ago

DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn't check if it's being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page (e.g., with "OBJECT classid=" and "<SCRIPT language='vbscript'>") to overwrite arbitrary files.

EPSS

Percentile: 52%
0.00295
Low

8.1 High

CVSS3

8.8 High

CVSS2

Weaknesses

CWE-346