Lucene search

TwcertCVELIST:CVE-2021-22858

HistoryFeb 17, 2021 - 10:45 a.m.

CVE-2021-22858 ChanGate EnterPrise Co., Ltd property management system - Broken Authentication

2021-02-1710:45:29

CWE-287

twcert

www.cve.org

changate enterprise co.

ltd

property management system

broken authentication

permission elevation

arbitrary commands

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

50.6%

JSON

Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions.

CNA Affected

[
  {
    "product": "property management system",
    "vendor": "ChanGate EnterPrise Co., Ltd",
    "versions": [
      {
        "lessThanOrEqual": "1.00",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.chtsecurity.com/news/fe1e30ef-4dac-4848-a3c9-a7df12672422

www.twcert.org.tw/tw/cp-132-4396-e6d44-1.html

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

50.6%

JSON

Related for CVELIST:CVE-2021-22858