PT-2022-11809 · Code42 · Crashplan For Small Business+5
Published: 2022-01-20 · Updated: 2022-07-12
CVE-2021-43269
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Code42 app versions prior to 8.8.0
Incydr Basic versions prior to 8.8.0
Incydr Advanced versions prior to 8.8.0
Incydr Gov F1 versions prior to 8.8.0
CrashPlan Cloud versions prior to 8.8.0
CrashPlan for Small Business versions prior to 8.8.0
Description
The issue allows an attacker to change a device's proxy configuration to use a malicious proxy auto-config (PAC) file, leading to arbitrary code execution through eval injection. This affects several Code42 products, excluding Incydr Professional and Enterprise.
Recommendations
For Code42 app versions prior to 8.8.0, update to version 8.8.0 or later.
For Incydr Basic versions prior to 8.8.0, update to version 8.8.0 or later.
For Incydr Advanced versions prior to 8.8.0, update to version 8.8.0 or later.
For Incydr Gov F1 versions prior to 8.8.0, update to version 8.8.0 or later.
For CrashPlan Cloud versions prior to 8.8.0, update to version 8.8.0 or later.
For CrashPlan for Small Business versions prior to 8.8.0, update to version 8.8.0 or later.
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Code42
Crashplan Cloud
Crashplan For Small Business
Incydr Advanced
Incydr Basic
Incydr Gov F1