Lucene search

[email protected]CVE-2021-43358

HistoryDec 01, 2021 - 2:15 a.m.

CVE-2021-43358

2021-12-0102:15:07

CWE-22

[email protected]

web.nvd.nist.gov

sunnet ehrd

cve-2021-43358

path traversal

url filtering

remote attacker

system files

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.003 Low

EPSS

Percentile

71.9%

JSON

Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files.

Affected configurations

NVD

Node

sunehrdMatch8

sunehrdMatch9

CPENameOperatorVersion
sun:ehrdsun ehrdeq8
sun:ehrdsun ehrdeq9

CPE	Name	Operator	Version
sun:ehrd	sun ehrd	eq	8
sun:ehrd	sun ehrd	eq	9

CNA Affected

[
  {
    "product": "eHRD",
    "vendor": "Sunnet",
    "versions": [
      {
        "status": "affected",
        "version": "8"
      },
      {
        "status": "affected",
        "version": "9"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-5353-4ebee-1.html

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.003 Low

EPSS

Percentile

71.9%

JSON

Related for CVE-2021-43358

cvelist1 cnvd1 nvd1 prion1