Design/Logic Flaw

2021-09-1715:15:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.0%

JSON

The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker (with permissions to add or edit jobs run by this utility) can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector.

CPENameOperatorVersion
device42lt17.05.01

CPE	Name	Operator	Version
	device42	lt	17.05.01

References

blog.device42.com/2021/09/critical-fixes-in-17-05-01/

docs.device42.com/auto-discovery/nmap-autodiscovery/

docs.device42.com/auto-discovery/remote-collector-rc/