Description
An issue was discovered in MDaemon before 20.0.4. An authenticated administrator can use Remote Administration to exploit an Arbitrary File Write vulnerability: the attacker is able to create new files in any location of the filesystem, and may be able to modify existing files. Because the write location is not restricted, this vulnerability may directly lead to Remote Code Execution.
Affected Software
Related
{"id": "CVE-2021-27183", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-27183", "description": "An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly lead to Remote Code Execution.", "published": "2021-04-14T23:15:00", "modified": "2021-04-21T17:32:00", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.5}, "severity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27183", "reporter": "cve@mitre.org", "references": ["https://github.com/chudyPB/MDaemon-Advisories", "https://www.altn.com/Support/SecurityUpdate/MD011221_MDaemon_EN/"], "cvelist": ["CVE-2021-27183"], "immutableFields": [], "lastseen": "2022-03-23T15:58:26", "viewCount": 33, "enchantments": {"dependencies": {"references": [{"type": "githubexploit", "idList": ["BC8236D1-27EC-5DDE-BC77-C13CA739C321"]}]}, "score": 
{"value": 5.4, "vector": "NONE"}, "twitter": {"counter": 4, "modified": "2021-04-15T09:41:53", "tweets": [{"link": "https://twitter.com/WolfgangSesin/status/1385055837262163968", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2021-27183 (mdaemon)) has been published on https://t.co/r8IGHFthEV?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1385055837262163968", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2021-27183 (mdaemon)) has been published on https://t.co/r8IGHFthEV?amp=1"}, {"link": "https://twitter.com/www_sesin_at/status/1385055825106964486", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2021-27183 (mdaemon)) has been published on https://t.co/VWrmG16D2S?amp=1"}, {"link": "https://twitter.com/www_sesin_at/status/1385055825106964486", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2021-27183 (mdaemon)) has been published on https://t.co/VWrmG16D2S?amp=1"}]}, "backreferences": {"references": [{"type": "canvas", "idList": ["MDAEMON"]}, {"type": "githubexploit", "idList": ["BC8236D1-27EC-5DDE-BC77-C13CA739C321"]}]}, "exploitation": null, "vulnersScore": 5.4}, "_state": {"dependencies": 0, "score": 0}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": [], "cpe23": [], "cwe": ["CWE-610"], "affectedSoftware": [{"cpeName": "altn:mdaemon", "version": "20.0.4", "operator": "lt", "name": "altn mdaemon"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:altn:mdaemon:20.0.4:*:*:*:*:*:*:*", "versionEndExcluding": "20.0.4", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://github.com/chudyPB/MDaemon-Advisories", "name": "https://github.com/chudyPB/MDaemon-Advisories", "refsource": "MISC", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.altn.com/Support/SecurityUpdate/MD011221_MDaemon_EN/", "name": 
"https://www.altn.com/Support/SecurityUpdate/MD011221_MDaemon_EN/", "refsource": "MISC", "tags": ["Release Notes", "Vendor Advisory"]}]}
{"githubexploit": [{"lastseen": "2022-01-24T22:32:54", "description": "# MDaemon-Advisories\nMDaemon Advisories:\n\n- CVE-2021-27180 (Refl...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-04-09T16:34:28", "type": "githubexploit", "title": "Exploit for Cross-site Scripting in Altn Mdaemon", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27183", "CVE-2021-27182", "CVE-2021-27181", "CVE-2021-27180"], "modified": "2022-01-24T22:11:12", "id": "BC8236D1-27EC-5DDE-BC77-C13CA739C321", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}]}