PT-2021-4946 · Advantech · Advantech R-Seenet
Yuri Kramarz
·
Published
2021-08-23
·
Updated
2022-08-24
·
CVE-2021-21911
CVSS v3.1
8.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Advantech R-SeeNet version 2.4.15
Description
The issue is related to insufficient access restrictions to the C:R-SeeNet directory, which can be exploited by an attacker to escalate privileges using a specially crafted malicious file. This can allow the attacker to gain NT SYSTEM authority.
Recommendations
For Advantech R-SeeNet version 2.4.15, consider restricting access to the C:R-SeeNet directory to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the vulnerable executable file C:R-SeeNetR SeeNet.exe until the issue is resolved.
Exploit
Fix
Incorrect Default Permissions
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Advantech R-Seenet