PT-2021-23271 · Device42 · Device42 Main Appliance

Published: 2021-09-17 · Updated: 2021-09-30 · CVE-2021-41316

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Device42 Main Appliance versions prior to 17.05.01

Description

The issue concerns the Nmap Discovery utility in the Device42 Main Appliance, which does not properly sanitize user input. This allows an attacker with permissions to add or edit jobs run by this utility to inject an extra argument, potentially overwriting arbitrary files as the root user on the Remote Collector.

Recommendations

For versions prior to 17.05.01, update to version 17.05.01 or later to resolve the issue. As a temporary workaround, consider restricting access to the Nmap Discovery utility and limiting permissions for adding or editing jobs to minimize the risk of exploitation.
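
A sketch of the input handling whose absence the description reports, as an added example (not Device42's code): each job field is checked against an allow-list of shapes and handed to Nmap as one argv element, so a field value cannot become an extra argument. The function names, the job fields (targets, ports) and the sample values are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 1123 hostname: dot-separated labels that start and end alphanumeric,
# so a value beginning with "-" or containing whitespace can never match.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")
# Port list: comma-separated ports or ranges, e.g. "22,443,8000-8100".
_PORTS = re.compile(r"\d{1,5}(?:-\d{1,5})?(?:,\d{1,5}(?:-\d{1,5})?)*")


class RejectedInput(ValueError):
    """Raised when a job field is not a plain target or port list."""


def validate_target(value):
    """Accept one IP address, CIDR block or hostname; reject anything else."""
    try:
        if "/" in value:
            # strict=False tolerates host bits, e.g. "192.168.1.7/24".
            return str(ipaddress.ip_network(value, strict=False))
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass  # not an IP literal; fall through to the hostname check
    if len(value) <= 253 and _HOSTNAME.fullmatch(value):
        return value
    raise RejectedInput(f"not a valid scan target: {value!r}")


def build_nmap_argv(targets, ports):
    """Return an argv list for subprocess.run(argv); no shell is involved."""
    if not targets:
        raise RejectedInput("at least one target is required")
    if not _PORTS.fullmatch(ports) or any(
        int(p) > 65535 for p in re.split(r"[,-]", ports)
    ):
        raise RejectedInput(f"not a valid port list: {ports!r}")
    # One validated value per argv element: fields are never split on
    # whitespace and never concatenated into a command string.
    return ["nmap", "-p", ports, *[validate_target(t) for t in targets]]
```

Rejected values should be logged with the account that submitted the job, since a target field that looks like an option is a useful signal of an attempted injection.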

Fix

Argument Injection

Weakness Enumeration

Related Identifiers

CVE-2021-41316

Affected Products

Device42 Main Appliance