PT-2021-14164 · Unknown · Clusterpro X+3
Published
2021-11-02
·
Updated
2022-04-29
·
CVE-2021-20705
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
CLUSTERPRO X versions 4.3 and earlier
EXPRESSCLUSTER X versions 4.3 and earlier
CLUSTERPRO X SingleServerSafe versions 4.3 and earlier
EXPRESSCLUSTER X SingleServerSafe versions 4.3 and earlier
Description:
The issue is related to improper input validation, allowing an attacker to perform remote file upload via the network. This can be exploited by sending malicious input to the vulnerable software.
Recommendations:
For CLUSTERPRO X versions 4.3 and earlier, update to a version later than 4.3 to resolve the issue.
For EXPRESSCLUSTER X versions 4.3 and earlier, update to a version later than 4.3 to resolve the issue.
For CLUSTERPRO X SingleServerSafe versions 4.3 and earlier, update to a version later than 4.3 to resolve the issue.
For EXPRESSCLUSTER X SingleServerSafe versions 4.3 and earlier, update to a version later than 4.3 to resolve the issue.
As a temporary workaround, consider restricting access to the WebManager to minimize the risk of exploitation.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Clusterpro X
Clusterpro X Singleserversafe
Expresscluster X
Expresscluster X Singleserversafe