PT-2021-17343 · Mutare · Mutare Voice
Published
2021-02-16
·
Updated
2022-05-03
·
CVE-2021-27236
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Mutare Voice (EVM) versions 3.x before 3.3.8
Description:
An issue was discovered in Mutare Voice (EVM) that allows Unauthenticated Local File Inclusion via the
getfile.asp endpoint, which can be leveraged to achieve Remote Code Execution.Recommendations:
For Mutare Voice (EVM) versions 3.x before 3.3.8, update to version 3.3.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the
getfile.asp endpoint to minimize the risk of exploitation.Fix
Exposure of Resource to Wrong Sphere
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mutare Voice