History Jan 04, 2024 - 11:20 a.m.

CVE-2021-45465

2024-01-04 11:20:18
CWE-123
siemens
www.cve.org
vulnerability
syngo fastview
bmp file parsing
code execution
data validation

CVSS3: 7.8 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

EPSS: 0.001 Low
Percentile: 24.8%

A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in a write-what-where condition and an attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15696)

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "syngo fastView",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]
