PT-2021-17312 · Netop · Netop Vision Pro

Sam Quinn

Published

2021-03-25

Updated

2021-04-02

CVE-2021-27193

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Netop Vision Pro versions up to and including 9.7.1

Description: The issue is related to incorrect default permissions in the API of Netop Vision Pro, allowing a remote unauthenticated attacker to read and write files on the remote machine with system privileges, resulting in a privilege escalation.

Recommendations: For versions up to and including 9.7.1, update to a version that includes a fix for the incorrect default permissions vulnerability to prevent privilege escalation. As a temporary workaround, consider restricting access to the API to minimize the risk of exploitation.

Fix

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2021-27193

Affected Products

Netop Vision Pro

PT-2021-17312 · Netop · Netop Vision Pro

CVE-2021-27193

Weakness Enumeration

Related Identifiers

Affected Products

References · 4