Lucene search

TwcertCVELIST:CVE-2021-43359

HistoryDec 01, 2021 - 2:00 a.m.

CVE-2021-43359 Sunnet eHRD - Broken Access Control

2021-12-0102:00:23

CWE-732

twcert

www.cve.org

cve-2021-43359

sunnet ehrd

access control

privilege escalation

arbitrary code

system control

service interruption

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

61.2%

JSON

Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services.

CNA Affected

[
  {
    "product": "eHRD",
    "vendor": "Sunnet",
    "versions": [
      {
        "status": "affected",
        "version": "8"
      },
      {
        "status": "affected",
        "version": "9"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-5354-0aac0-1.html

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

61.2%

JSON

Related for CVELIST:CVE-2021-43359