PT-2022-10163 · Unknown · Mdt Autosave

Amir Preminger · Published 2022-04-01 · Updated 2022-04-09 · CVE-2021-32961

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

MDT AutoSave versions prior to v6.02.06

Description

The issue concerns a getfile function that allows a user to supply an optional parameter. This parameter can cause the function to process a request in a special manner, potentially leading to the execution of an unzip command. As a result, a malicious .exe file can be placed in one of the locations the function looks for, where it can gain execution capabilities.

Recommendations

For MDT AutoSave versions prior to v6.02.06, update to version v6.02.06 or later to resolve the issue. As a temporary workaround, consider restricting the use of the getfile function until a patch is applied.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2021-32961

Affected Products

Mdt Autosave