cvelist / GitHub_M / CVELIST:CVE-2021-32826
History: Aug 16, 2021 - 9:00 p.m.

CVE-2021-32826 Remote code execution in Proxyee-Down

2021-08-16 21:00:10
CWE-78
GitHub_M
www.cve.org
proxyee-down
remote code execution
extension script

CVSS3: 6.8

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

AI Score: 8.3
Confidence: High

EPSS: 0.003
Percentile: 71.6%

Proxyee-Down is open source proxy software. An attacker who is able to provide an extension script (e.g., through a MiTM attack or by hosting a malicious extension) may be able to run arbitrary commands on the system running Proxyee-Down. For more details, including a PoC, see the referenced GHSL-2021-053. As of the writing of this CVE, there is no patched version.

CNA Affected

[
  {
    "product": "proxyee-down",
    "vendor": "proxyee-down-org",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  }
]