PT-2021-17079 · Nexacro · Nexacro

Published

2021-11-30

Updated

2021-12-01

CVE-2021-26612

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Nexacro platform (affected versions not specified)

Description An issue with improper input validation in the copy method of the Nexacro platform allows for arbitrary file creation. This can be exploited by remote attackers to execute arbitrary commands after creating a file that includes malicious code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2021-26612

Affected Products

Nexacro

PT-2021-17079 · Nexacro · Nexacro

CVE-2021-26612

Weakness Enumeration

Related Identifiers

Affected Products

References · 4