PT-2021-2171 · Luxion · Keyshot+3
Rgod
·
Published
2021-02-04
·
Updated
2021-03-23
·
CVE-2021-22651
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Luxion KeyShot versions prior to 10.1
Luxion KeyShot Viewer versions prior to 10.1
Luxion KeyShot Network Rendering versions prior to 10.1
Luxion KeyVR versions prior to 10.1
Description
The issue arises when loading a specially crafted file, allowing an attacker to exploit a directory traversal vulnerability. This vulnerability occurs due to incorrect restriction of the path name to a directory with limited access, potentially impacting the confidentiality, integrity, and availability of protected information. The vulnerability enables an attacker to store arbitrary scripts into automatic startup folders while the software is processing the extraction of temporary files.
Recommendations
For Luxion KeyShot versions prior to 10.1, update to version 10.1 or later.
For Luxion KeyShot Viewer versions prior to 10.1, update to version 10.1 or later.
For Luxion KeyShot Network Rendering versions prior to 10.1, update to version 10.1 or later.
For Luxion KeyVR versions prior to 10.1, update to version 10.1 or later.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Keyshot
Keyshot Network Rendering
Keyshot Viewer
Keyvr