exploitDog

CVE-2021-41315

Опубликовано: 17 сент. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker (with access to the console application) to execute arbitrary OS commands and escalate privileges.

Ссылки

https://blog.device42.com/2021/09/critical-fixes-in-17-05-01/
Vendor Advisory
https://docs.device42.com/auto-discovery/remote-collector-rc/
Product
Vendor Advisory
https://blog.device42.com/2021/09/critical-fixes-in-17-05-01/
Vendor Advisory
https://docs.device42.com/auto-discovery/remote-collector-rc/
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:device42:remote_collector:*:*:*:*:*:*:*:*

Версия до 17.05.01 (исключая)

EPSS

Процентиль: 70%

0.00629

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-qv5f-5wgj-j5qf

github

больше 3 лет назад

The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker (with access to the console application) to execute arbitrary OS commands and escalate privileges.

EPSS

Процентиль: 70%

0.00629

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78