PT-2021-7826 · Unknown · C-Bus Toolkit+1
Published
2021-04-13
·
Updated
2022-02-23
·
CVE-2021-22796
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
C-Bus Toolkit versions 1.15.9 and prior
C-Gate Server versions 2.11.7 and prior
Description
A vulnerability exists that could allow remote code execution when a malicious file is uploaded, due to improper authentication. This issue is related to weaknesses in the authentication procedure, which can be exploited by an attacker to execute arbitrary code.
Recommendations
For C-Bus Toolkit versions 1.15.9 and prior, update to a version later than 1.15.9 to resolve the issue.
For C-Gate Server versions 2.11.7 and prior, update to a version later than 2.11.7 to resolve the issue.
As a temporary workaround, consider restricting file uploads to minimize the risk of exploitation.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
C-Bus Toolkit
C-Gate Server