PT-2021-23602 · Unknown+1 · Xorux Lpar2Rrd+1
Simon Geusebroek · Published 2021-11-08 · Updated 2022-09-03 · CVE-2021-42372
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
XoruX LPAR2RRD and STOR2RRD versions prior to 7.30
Description
A shell command injection in the HW Events SNMP community allows authenticated remote attackers to execute arbitrary shell commands as the user running the service.
Recommendations
For versions prior to 7.30, update to version 7.30 or later to resolve the issue. As a temporary workaround, consider restricting access to the HW Events SNMP community to minimize the risk of exploitation.
Exploit · Fix · OS Command Injection
Affected Products
Stor2Rrd
Xorux Lpar2Rrd