PT-2021-15200 · Unknown · Igss Definition

Published

2021-06-10

Updated

2021-06-15

CVE-2021-22762

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions IGSS Definition (Def.exe) versions 15.0.0.21140 and prior

Description A CWE-22 issue exists in IGSS Definition that could result in remote code execution when a malicious CGF or WSP file is being parsed. This occurs due to improper limitation of a pathname to a restricted directory.

Recommendations For versions 15.0.0.21140 and prior, update to a version later than 15.0.0.21140 to resolve the issue. As a temporary workaround, consider restricting the parsing of CGF and WSP files to trusted sources until a patch is available. Avoid using unverified CGF or WSP files with IGSS Definition until the issue is resolved.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2021-22762

ZDI-21-675

Affected Products

Igss Definition

PT-2021-15200 · Unknown · Igss Definition

CVE-2021-22762

Weakness Enumeration

Related Identifiers

Affected Products

References · 5