PT-2021-14165 · Unknown · Clusterpro X+4

Published

2021-11-02

Updated

2022-04-29

CVE-2021-20706

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: CLUSTERPRO X versions 4.3 and earlier EXPRESSCLUSTER X versions 4.3 and earlier CLUSTERPRO X SingleServerSafe versions 4.3 and earlier EXPRESSCLUSTER X SingleServerSafe versions 4.3 and earlier

Description: The issue is related to improper input validation, allowing an attacker to perform remote file upload via the network. This can be achieved through the WebManager component.

Recommendations: For CLUSTERPRO X versions 4.3 and earlier, update to a version later than 4.3 to resolve the issue. For EXPRESSCLUSTER X versions 4.3 and earlier, update to a version later than 4.3 to resolve the issue. For CLUSTERPRO X SingleServerSafe versions 4.3 and earlier, update to a version later than 4.3 to resolve the issue. For EXPRESSCLUSTER X SingleServerSafe versions 4.3 and earlier, update to a version later than 4.3 to resolve the issue. As a temporary workaround, consider restricting access to the WebManager component to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2021-20706

Affected Products

Clusterpro X

Clusterpro X Singleserversafe

Expresscluster X

Expresscluster X Singleserversafe

Webmanager

PT-2021-14165 · Unknown · Clusterpro X+4

CVE-2021-20706

Weakness Enumeration

Related Identifiers

Affected Products

References · 4