Description
UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim's machine or capture NTLM credentials by supplying a networked or WebDAV file path.
References
- Release Notes, Vendor Advisory
- Product
Vulnerable configurations
Configuration 1
cpe:2.3:a:uipath:assistant:21.4.4:*:*:*:*:*:*:*
EPSS: 0.00829 (Low)
Percentile: 74%
CVSS3: 9.8 Critical
CVSS2: 10 Critical
Weaknesses
CWE-610
Related vulnerabilities
GitHub
about 4 years ago