Lucene search

[email protected]CVE-2021-26551

HistoryFeb 09, 2021 - 8:15 p.m.

CVE-2021-26551

2021-02-0920:15:00

CWE-94

[email protected]

web.nvd.nist.gov

smartfoxserver

cve-2021-26551

python code execution

security vulnerability

javashell.py

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.095 Low

EPSS

Percentile

94.7%

JSON

An issue was discovered in SmartFoxServer 2.17.0. An attacker can execute arbitrary Python code, and bypass the javashell.py protection mechanism, by creating /config/ConsoleModuleUnlock.txt and editing /config/admin/admintool.xml to enable the Console module.

CPENameOperatorVersion
smartfoxserver:smartfoxserversmartfoxservereq2.17.0

CPE	Name	Operator	Version
smartfoxserver:smartfoxserver	smartfoxserver	eq	2.17.0

References

packetstormsecurity.com/files/161340/SmartFoxServer-2X-2.17.0-Remote-Code-Execution.html

www.smartfoxserver.com

www.zeroscience.mk/en/vulnerabilities/

Social References

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.095 Low

EPSS

Percentile

94.7%

JSON

Related for CVE-2021-26551

packetstorm1 cvelist1 zeroscience1 prion1