PT-2021-22501 · Xerosecurity · Xerosecurity Sn1Per
Nikola Pepelishev · Published 2021-08-19 · Updated 2021-08-26
CVE-2021-39273
CVSS v2.0: 9.0 High
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
XeroSecurity Sn1per version 9.0
Description
The issue arises from insecure permissions set during application execution, allowing an unprivileged user to modify the application, its modules, and configuration files. This results in arbitrary code execution with root privileges.
Recommendations
For XeroSecurity Sn1per version 9.0, consider changing the permissions from 0777 to a more secure setting to prevent unauthorized modifications and arbitrary code execution. As a temporary workaround, restrict access to the application and its configuration files to minimize the risk of exploitation.
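One way to apply the recommendation above, as an added example that is not part of the advisory or of Sn1per itself: list everything under the install tree that unprivileged users can write to, strip the group and other write bits, and re-check. INSTALL_DIR is a placeholder, since the advisory does not state the installation path.

```shell
#!/bin/sh
# Added example, not Sn1per code. INSTALL_DIR is a placeholder for wherever
# the tool is installed; the advisory does not give the path.

# Print every non-symlink entry under $1 that "other" users can write to.
# Mode 0777 entries match, since 0777 includes the other-write bit (0002).
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Remove group and other write bits under $1, leaving read/execute intact
# (0777 becomes 0755, 0666 becomes 0644).
harden_tree() {
    find "$1" ! -type l \( -perm -0002 -o -perm -0020 \) -exec chmod go-w {} +
}

# Runs only when INSTALL_DIR is set: report first, then fix, then re-check.
if [ -n "${INSTALL_DIR:-}" ]; then
    echo "World-writable entries under $INSTALL_DIR:"
    list_world_writable "$INSTALL_DIR"
    harden_tree "$INSTALL_DIR"
    if [ -n "$(list_world_writable "$INSTALL_DIR")" ]; then
        echo "Entries still world-writable after chmod" >&2
        exit 1
    fi
fi
```

Run it as root with INSTALL_DIR set to the install tree. Files owned by a non-root account can have their mode changed back by that owner, so check ownership as well.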
Exploit
Fix
Incorrect Default Permissions
Weakness Enumeration
Related Identifiers
Affected Products
Xerosecurity Sn1Per