Lucene search

[email protected]CVE-2021-45912

HistoryJan 04, 2022 - 4:15 p.m.

CVE-2021-45912

2022-01-0416:15:09

CWE-78

[email protected]

web.nvd.nist.gov

cve-2021-45912

controlup real-time agent

cuagent.exe

os command execution

named pipe channel

wcf method

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.3%

JSON

An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method.

Affected configurations

NVD

Node

controlupreal-time_agentRange<8.5hybrid_cloud

controlupreal-time_agentRange<8.5on-premises

CPENameOperatorVersion
controlup:real-time_agentcontrolup real-time agentlt8.5

CPE	Name	Operator	Version
controlup:real-time_agent	controlup real-time agent	lt	8.5

References

controlup.com

www.controlup.com/security/security-advisory-local-privilege-escalation/

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.3%

JSON

Related for CVE-2021-45912

cvelist1 cnvd1 nvd1 prion1