History: Apr 14, 2022 - 7:56 p.m.

CVE-2021-21956

2022-04-14 19:56:05
CWE-502
talos
www.cve.org
cloudlinux inc
imunify360
ai-bolit
php unserialize
vulnerability
arbitrary command execution
file
attacker

CVSS3: 8.2

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

EPSS: 0.001
Percentile: 40.1%

A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

CNA Affected

[
  {
    "product": "Imunify360",
    "vendor": "CloudLinux Inc",
    "versions": [
      {
        "status": "affected",
        "version": "5.8"
      },
      {
        "status": "affected",
        "version": "5.9"
      }
    ]
  }
]
