9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.05 Low
EPSS
Percentile
92.8%
Document Title:
===============
VisualWare MyConnection Server 11.x Remote Code Execution Vulnerability
References (Source):
====================
https://www.securifera.com/advisories/cve-2021-27198/
https://myconnectionserver.visualware.com/download.html
Release Date:
=============
2020-02-25
Product & Service Introduction:
===============================
MCS tests, measures & reports the performance and health of any network
connection, LAN or WAN. MCS is an access everywhere web based enterprise
solution.
Vulnerability Information:
==============================
Class: CWE-434: Unrestricted Upload of File with Dangerous Type
Impact: Remote Code Execution
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2021-27198
Vulnerability Description:
==============================
An unauthenticated remote code execution vulnerability was discovered in
Visualware MyConnection Server 11.0 through 11.0b build 5382. The web
endpoint at "https://example.com/myspeed/sf" provides an unauthenticated
user the ability to upload an arbitrary file to an arbitrary location via a
specially crafted POST request. This application is written in Java and is
thus cross-platform. The Windows installation executes the web server as
SYSTEM which means that exploitation provides Administrator privileges on
the target system.
Vulnerability Disclosure Timeline:
==================================
2021-01-11: Contacted VisualWare About Issue via Website Contact Form
2021-02-03: Emailed Multiple VisualWare POCs Requesting Disclosure
Assistance
2021-02-11: Requested CVE from MITRE for vulnerability
2021-02-12: Messaged Lead VisualWare Developer on LinkedIn After Seeing They
Had Looked At My Profile. I assume because of my attempts to contact them
2021-02-18: Notified VisualWare About Issue Again via Website Contact Form
And Notified Them I Would be Disclosing if they did not respond
2021-02-25: Publicly releasing vulnerability because company refuses to
respond to any attempts to coordinate disclsoure
Affected Product(s):
====================
VisualWare MyConnection Server 11.0 through 11.0b build 5382
Severity Level:
===============
High
Proof of Concept (PoC):
=======================
A proof of concept will not be provided at this time.
Solution - Fix & Patch:
=======================
None
Security Risk:
==============
The security risk of this remote code execution vulnerability is estimated
as high. (CVSS 10.0)
Credits & Authors:
==================
Securifera, Inc - b0yd (@rwincey)
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.05 Low
EPSS
Percentile
92.8%