cvelist Krcert CVELIST:CVE-2021-26612
History: Nov 30, 2021 - 6:39 p.m.

CVE-2021-26612 tobesoft Nexacro platform arbitrary file creation vulnerability

2021-11-30 18:39:25
CWE-20
krcert
www.cve.org

CVSS3: 8.1 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score: 10 High
Confidence: High

EPSS: 0.005 Low
Percentile: 77.1%

An improper input validation flaw leading to arbitrary file creation was discovered in the copy method of the Nexacro platform. Remote attackers can use the copy method to create a file that includes malicious code and then execute arbitrary commands.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "NEXACRO17",
    "vendor": "TOBESOFT",
    "versions": [
      {
        "lessThanOrEqual": "17.1.2.500",
        "status": "affected",
        "version": "17.1.2.500",
        "versionType": "custom"
      }
    ]
  }
]
