Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-42855

Опубликовано: 10 мар. 2022
Источник: nvd
CVSS3: 7.8
CVSS2: 4.6
EPSS Низкий

Описание

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the ".debug_command.config" file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the "/api/appInternals/1.0/agent/configuration" API to map the corresponding ID to a command to be executed.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:*:*:*:*:*:*:*:*
Версия от 11.0.0 (включая) до 11.8.8 (исключая)
cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:*:*:*:*:*:*:*:*
Версия от 12.0.0 (включая) до 12.13.0 (исключая)
cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:10.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 12%
0.0004
Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-284
CWE-732

Связанные уязвимости

github логотип

GHSA-j285-2pfr-phwh

CVSS3: 7.8
github
почти 4 года назад

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the ".debug_command.config" file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the "/api/appInternals/1.0/agent/configuration" API to map the corresponding ID to a command to be executed.

EPSS

Процентиль: 12%
0.0004
Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-284
CWE-732