CVE-2021-22682

2021-04-2317:10:33

CWE-284

icscert

www.cve.org

cscape

full permissions

local privilege escalation

cve-2021-22682

AI Score

7.7

Confidence

High

EPSS

Percentile

0.4%

JSON

Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including read/write access. This may allow unprivileged users to modify the binaries and configuration files and lead to local privilege escalation.

CNA Affected

[
  {
    "product": "Cscape",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to 9.90 SP4"
      }
    ]
  }
]

References

us-cert.cisa.gov/ics/advisories/icsa-21-112-01