Lucene search

[email protected]CVE-2021-44041

HistoryDec 14, 2021 - 6:15 p.m.

CVE-2021-44041

2021-12-1418:15:08

CWE-610

[email protected]

web.nvd.nist.gov

cve-2021-44041

uipath assistant

arbitrary code execution

security vulnerability

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.0%

JSON

UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim’s machine or capture NTLM credentials by supplying a networked or WebDAV file path.

Affected configurations

NVD

Node

uipathassistantMatch21.4.4

CPENameOperatorVersion
uipath:assistantuipath assistanteq21.4.4

CPE	Name	Operator	Version
uipath:assistant	uipath assistant	eq	21.4.4

References

docs.uipath.com/robot/docs/release-notes-2021-10-4

docs.uipath.com/robot/docs/uipath-assistant

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.0%

JSON

Related for CVE-2021-44041

cnvd1 cvelist1 nvd1 prion1