PT-2021-14833 · Unknown · Ic Module Cma
Matt Wiseman · Published 2021-12-22 · Updated 2022-08-31
CVE-2021-21907
CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
iC Module CMA Version 5.0
Description
A directory traversal issue exists in the CMA CLI getenv command functionality, allowing a specially-crafted command line argument to lead to local file inclusion. An attacker can provide malicious input to trigger this issue.
Recommendations
For iC Module CMA Version 5.0, consider restricting access to the getenv command functionality until a patch is available. As a temporary workaround, avoid using specially-crafted command line arguments that could lead to local file inclusion. At the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Ic Module Cma