Lucene search

[email protected]NVD:CVE-2021-46850

HistoryOct 24, 2022 - 2:15 p.m.

CVE-2021-46850

2022-10-2414:15:50

CWE-88

[email protected]

web.nvd.nist.gov

vulnerable

command injection

administrative user

http post

remote access

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.028 Low

EPSS

Percentile

90.7%

JSON

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint.

Affected configurations

NVD

Node

vestacpcontrol_panelRange<0.9.8-26-43

vestacpvesta_control_panelRange<0.9.8-26

References

blog.talosintelligence.com/2021/06/necro-python-bot-adds-new-tricks.html

github.com/myvesta/vesta/commit/7991753ab7c5c568768028fb77554db8ea149f17

github.com/myvesta/vesta/releases/tag/0.9.8-26-43

github.com/serghey-rodin/vesta/commit/a4e4542a6d1351c2857b169f8621dd9a13a2e896

www.exploit-db.com/exploits/49674

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.028 Low

EPSS

Percentile

90.7%

JSON

Related for NVD:CVE-2021-46850

osv1 prion1 cve1 cvelist1