6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
9.9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
0.007 Low
EPSS
Percentile
79.6%
Exploit Title: Zepl Notebook - Sandbox Escape
Vendor Homepage: https://zepl.com/
Software Link: https://app.zepl.com/
Version: Affects all versions of the product up to the date of this submission
Tested on: The issue affects all versions of the product up to the date of this submission
Exploit Authors: Josh Sheppard & Pathfynder Inc
Exploit Contact: ghost a t undervurse dot_com & josh a t pathfynder dot_io
Exploit Technique: Remote
CVE ID: CVE-2021-42952
1. Description
A container escape vulnerability has been discovered in Zepl's Notebooks product. Upon launching Remote Code Execution from the Notebook (CVE-2021-42950), users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata services resulting in complete compromise of cloud assets.
This vulnerability effects all previous versions of their Notebook product suite.
2. Disclosure Timeline
9/28/21 - Discovery and Exploitation
9/28/21 - Vendor Notified
10/31/21 - Patch Applied
2/16/22 - CVE Assigned
2/17/22 - Public Disclosure
3. Mitigation
Hotfix applied to vendors SAAS solution, no action is necessary at this time
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
9.9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
0.007 Low
EPSS
Percentile
79.6%