PT-2021-22502 · Xerosecurity · Xerosecurity Sn1Per
Nikola Pepelishev · Published 2021-08-19 · Updated 2021-08-30
CVE-2021-39274
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
XeroSecurity Sn1per version 9.0
Description
The issue is related to insecure directory permissions set during installation, allowing an unprivileged user to modify the main application and its configuration file. This results in arbitrary code execution with root privileges.
Recommendations
For XeroSecurity Sn1per version 9.0, consider changing the directory permissions to a more secure setting to prevent unauthorized modifications. As a temporary workaround, restrict access to the application's configuration file to minimize the risk of exploitation.
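One way to check for and correct the condition described above, as an added example that is not part of the advisory or of the Sn1per project. The function names are hypothetical, and because the advisory does not give the installation path, the directory is passed as a parameter.

```shell
#!/bin/sh
# audit_install_perms DIR [OWNER]
# Lists every entry under DIR that a user other than OWNER could modify:
#   - entries not owned by OWNER (default: root)
#   - entries that are group-writable or world-writable
# Symlinks are skipped because their own mode bits are not meaningful.
# Returns 0 if the tree is clean, 1 if findings were printed, 2 on bad input.
audit_install_perms() {
    dir=$1
    owner=${2:-root}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    findings=$(find "$dir" ! -type l \
        \( ! -user "$owner" -o -perm -0020 -o -perm -0002 \) \
        -exec ls -ld {} + 2>/dev/null)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# harden_install_perms DIR [OWNER]
# Gives every entry to OWNER and removes group/world write access,
# so only OWNER can change the application or its configuration file.
harden_install_perms() {
    dir=$1
    owner=${2:-root}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # Only touch ownership where it is wrong; -h changes a symlink itself
    # rather than whatever it points to.
    find "$dir" ! -user "$owner" -exec chown -h "$owner" {} + &&
    chmod -R go-w "$dir"
}
```

Run both as root against the Sn1per installation directory, for example `audit_install_perms /path/to/install` (placeholder path), and re-run the audit after hardening to confirm it returns 0.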
Weakness Enumeration
Incorrect Default Permissions
Affected Products
Xerosecurity Sn1Per