CVE-2021-29221

Опубликовано: 09 апр. 2021

Источник: nvd

CVSS3: 7

CVSS2: 6.2

EPSS Низкий

Описание

A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions.

Ссылки

https://deepsurface.com/deepsurface-security-advisory-local-privilege-escalation-in-erlang-on-windows-cve-2021-29221/
Exploit
Third Party Advisory
https://github.com/erlang/otp/releases/tag/OTP-23.2.3
Third Party Advisory
https://deepsurface.com/deepsurface-security-advisory-local-privilege-escalation-in-erlang-on-windows-cve-2021-29221/
Exploit
Third Party Advisory
https://github.com/erlang/otp/releases/tag/OTP-23.2.3
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*

Версия до 23.2.3 (исключая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 11%

0.00038

Низкий

7 High

CVSS3

6.2 Medium

CVSS2

Дефекты

CWE-426

Связанные уязвимости

CVE-2021-29221

CVSS3: 7

debian

почти 5 лет назад

A local privilege escalation vulnerability was discovered in Erlang/OT ...

GHSA-gq7g-854q-935r

github

больше 3 лет назад