CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CVE-2021-33538 (GCVE-0-2021-33538)
Vulnerability from cvelistv5 – Published: 2021-06-25 18:26 – Updated: 2024-09-16 23:47
VLAI
Title
WEIDMUELLER: WLAN devices affected by improper access control vulnerability
Summary
In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
Severity
8.8 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert.vde.com/en-us/advisories/vde-2021-026 | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Weidmüller | IE-WL(T)-BL-AP-CL-XX |
Affected:
IE-WL-BL-AP-CL-EU (2536600000) , ≤ V1.16.18 (Build 18081617)
(custom)
Affected: IE-WLT-BL-AP-CL-EU (2536650000) , ≤ V1.16.18 (Build 18081617) (custom) Affected: IE-WL-BL-AP-CL-US (2536660000) , ≤ V1.16.18 (Build 18081617) (custom) Affected: IE-WLT-BL-AP-CL-US (2536670000) , ≤ V1.16.18 (Build 18081617) (custom) |
|
| Weidmüller | IE-WL(T)-VL-AP-CL-XX |
Affected:
IE-WL-VL-AP-BR-CL-EU (2536680000) , ≤ V1.11.10 (Build 18122616)
(custom)
Affected: IE-WLT-VL-AP-BR-CL-EU (2536690000) , ≤ V1.11.10 (Build 18122616) (custom) Affected: IE-WL-VL-AP-BR-CL-US (2536700000) , ≤ V1.11.10 (Build 18122616) (custom) Affected: IE-WLT-VL-AP-BR-CL-US (2536710000) , ≤ V1.11.10 (Build 18122616) (custom) |
Date Public
2021-06-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IE-WL(T)-BL-AP-CL-XX",
"vendor": "Weidm\u00fcller",
"versions": [
{
"lessThanOrEqual": "V1.16.18 (Build 18081617)",
"status": "affected",
"version": "IE-WL-BL-AP-CL-EU (2536600000)",
"versionType": "custom"
},
{
"lessThanOrEqual": "V1.16.18 (Build 18081617)",
"status": "affected",
"version": "IE-WLT-BL-AP-CL-EU (2536650000)",
"versionType": "custom"
},
{
"lessThanOrEqual": "V1.16.18 (Build 18081617)",
"status": "affected",
"version": "IE-WL-BL-AP-CL-US (2536660000)",
"versionType": "custom"
},
{
"lessThanOrEqual": "V1.16.18 (Build 18081617)",
"status": "affected",
"version": "IE-WLT-BL-AP-CL-US (2536670000)",
"versionType": "custom"
}
]
},
{
"product": "IE-WL(T)-VL-AP-CL-XX",
"vendor": "Weidm\u00fcller",
"versions": [
{
"lessThanOrEqual": "V1.11.10 (Build 18122616)",
"status": "affected",
"version": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
"versionType": "custom"
},
{
"lessThanOrEqual": "V1.11.10 (Build 18122616)",
"status": "affected",
"version": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
"versionType": "custom"
},
{
"lessThanOrEqual": "V1.11.10 (Build 18122616)",
"status": "affected",
"version": "IE-WL-VL-AP-BR-CL-US (2536700000)",
"versionType": "custom"
},
{
"lessThanOrEqual": "V1.11.10 (Build 18122616)",
"status": "affected",
"version": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-25T18:26:02.000Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
}
],
"solutions": [
{
"lang": "en",
"value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
}
],
"source": {
"advisory": "VDE-2021-026",
"defect": [
"VDE-2021-026"
],
"discovery": "EXTERNAL"
},
"title": "WEIDMUELLER: WLAN devices affected by improper access control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-06-23T10:00:00.000Z",
"ID": "CVE-2021-33538",
"STATE": "PUBLIC",
"TITLE": "WEIDMUELLER: WLAN devices affected by improper access control vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IE-WL(T)-BL-AP-CL-XX",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "IE-WL-BL-AP-CL-EU (2536600000)",
"version_value": "V1.16.18 (Build 18081617)"
},
{
"version_affected": "\u003c=",
"version_name": "IE-WLT-BL-AP-CL-EU (2536650000)",
"version_value": "V1.16.18 (Build 18081617)"
},
{
"version_affected": "\u003c=",
"version_name": "IE-WL-BL-AP-CL-US (2536660000)",
"version_value": "V1.16.18 (Build 18081617)"
},
{
"version_affected": "\u003c=",
"version_name": "IE-WLT-BL-AP-CL-US (2536670000)",
"version_value": "V1.16.18 (Build 18081617)"
}
]
}
},
{
"product_name": "IE-WL(T)-VL-AP-CL-XX",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "IE-WL-VL-AP-BR-CL-EU (2536680000)",
"version_value": "V1.11.10 (Build 18122616)"
},
{
"version_affected": "\u003c=",
"version_name": "IE-WLT-VL-AP-BR-CL-EU (2536690000)",
"version_value": "V1.11.10 (Build 18122616)"
},
{
"version_affected": "\u003c=",
"version_name": "IE-WL-VL-AP-BR-CL-US (2536700000)",
"version_value": "V1.11.10 (Build 18122616)"
},
{
"version_affected": "\u003c=",
"version_name": "IE-WLT-VL-AP-BR-CL-US (2536710000)",
"version_value": "V1.11.10 (Build 18122616)"
}
]
}
}
]
},
"vendor_name": "Weidm\u00fcller"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2021-026",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2021-026"
}
]
},
"solution": [
{
"lang": "en",
"value": "For IE-WL(T)-BL-AP-CL-XX versions V1.16.21 (Build 21010513) and greater are fixed.\nFor IE-WL(T)-VL-AP-CL-XX versions V1.11.13 (Build 21010513) and greater are fixed."
}
],
"source": {
"advisory": "VDE-2021-026",
"defect": [
"VDE-2021-026"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33538",
"datePublished": "2021-06-25T18:26:02.939Z",
"dateReserved": "2021-05-24T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:47:04.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34579 (GCVE-0-2021-34579)
Vulnerability from cvelistv5 – Published: 2022-11-09 16:28 – Updated: 2025-04-29 15:02
VLAI
Title
PHOENIX CONTACT: FL MGUARD DM version 1.12.0 and 1.13.0 Improper Privilege Management
Summary
In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation.Attackers with network access to the Apache web server can download and therefore read mGuard configuration profiles (“ATV profiles”). Such configuration profiles may contain sensitive information, e.g. private keys associated with IPsec VPN connections.
Severity
7.5 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PHOENIX CONTACT | FL MGUARD DM (2981974) |
Affected:
1.12.0
Affected: 1.13.0 |
Date Public
2021-08-11 10:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:46.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-035/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T15:01:29.163616Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T15:02:14.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FL MGUARD DM (2981974)",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "1.12.0"
},
{
"status": "affected",
"version": "1.13.0"
}
]
}
],
"datePublic": "2021-08-11T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation.Attackers with network access to the Apache web server can download and therefore read mGuard configuration profiles (\u201cATV profiles\u201d). Such configuration profiles may contain sensitive information, e.g. private keys associated with IPsec VPN connections."
}
],
"value": "In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation.Attackers with network access to the Apache web server can download and therefore read mGuard configuration profiles (\u201cATV profiles\u201d). Such configuration profiles may contain sensitive information, e.g. private keys associated with IPsec VPN connections."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-09T16:28:32.817Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2021-035/"
}
],
"source": {
"advisory": "VDE-2021-035",
"discovery": "UNKNOWN"
},
"title": "PHOENIX CONTACT: FL MGUARD DM version 1.12.0 and 1.13.0 Improper Privilege Management",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34579",
"datePublished": "2022-11-09T16:28:32.817Z",
"dateReserved": "2021-06-10T19:19:08.025Z",
"dateUpdated": "2025-04-29T15:02:14.286Z",
"requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34621 (GCVE-0-2021-34621)
Vulnerability from cvelistv5 – Published: 2021-07-07 12:21 – Updated: 2024-10-15 18:57
VLAI
Title
ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation
Summary
A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 - 3.1.3. .
Severity
9.8 (Critical)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.wordfence.com/blog/2021/06/easily-exp… | x_refsource_MISC |
| http://packetstormsecurity.com/files/163973/WordP… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ProfilePress | ProfilePress |
Affected:
3.0.0 - 3.1.3
|
Date Public
2021-06-28 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:47.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2021/06/easily-exploitable-critical-vulnerabilities-patched-in-profilepress-plugin/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163973/WordPress-ProfilePress-3.1.3-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:properfraction:profilepress:-:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "profilepress",
"vendor": "properfraction",
"versions": [
{
"lessThanOrEqual": "3.1.3",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34621",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T18:52:16.058977Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:57:02.370Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ProfilePress",
"vendor": "ProfilePress",
"versions": [
{
"status": "affected",
"version": "3.0.0 - 3.1.3"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chloe Chamberland, Wordfence"
}
],
"datePublic": "2021-06-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 - 3.1.3. ."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-31T17:06:22.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2021/06/easily-exploitable-critical-vulnerabilities-patched-in-profilepress-plugin/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163973/WordPress-ProfilePress-3.1.3-Privilege-Escalation.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 3.1.4 or higher."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"DATE_PUBLIC": "2021-06-28T19:45:00.000Z",
"ID": "CVE-2021-34621",
"STATE": "PUBLIC",
"TITLE": "ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ProfilePress",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "3.0.0 - 3.1.3",
"version_value": "3.0.0 - 3.1.3"
}
]
}
}
]
},
"vendor_name": "ProfilePress"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland, Wordfence"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 - 3.1.3. ."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/blog/2021/06/easily-exploitable-critical-vulnerabilities-patched-in-profilepress-plugin/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/06/easily-exploitable-critical-vulnerabilities-patched-in-profilepress-plugin/"
},
{
"name": "http://packetstormsecurity.com/files/163973/WordPress-ProfilePress-3.1.3-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163973/WordPress-ProfilePress-3.1.3-Privilege-Escalation.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 3.1.4 or higher."
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2021-34621",
"datePublished": "2021-07-07T12:21:16.266Z",
"dateReserved": "2021-06-10T00:00:00.000Z",
"dateUpdated": "2024-10-15T18:57:02.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34622 (GCVE-0-2021-34622)
Vulnerability from cvelistv5 – Published: 2021-07-07 12:20 – Updated: 2024-10-15 19:10
VLAI
Title
ProfilePress 3.0 - 3.1.3 - Authenticated Privilege Escalation
Summary
A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versions 3.0.0 - 3.1.3. .
Severity
9.8 (Critical)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.wordfence.com/blog/2021/06/easily-exp… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ProfilePress | ProfilePress |
Affected:
3.0.0 - 3.1.3
|
Date Public
2021-06-28 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:47.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2021/06/easily-exploitable-critical-vulnerabilities-patched-in-profilepress-plugin/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:properfraction:profilepress:-:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "profilepress",
"vendor": "properfraction",
"versions": [
{
"lessThanOrEqual": "3.1.3",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34622",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T19:10:17.970225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:10:53.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ProfilePress",
"vendor": "ProfilePress",
"versions": [
{
"status": "affected",
"version": "3.0.0 - 3.1.3"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chloe Chamberland, Wordfence"
}
],
"datePublic": "2021-06-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versions 3.0.0 - 3.1.3. ."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-07T12:20:58.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2021/06/easily-exploitable-critical-vulnerabilities-patched-in-profilepress-plugin/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 3.1.4 or higher."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "ProfilePress 3.0 - 3.1.3 - Authenticated Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"DATE_PUBLIC": "2021-06-28T19:45:00.000Z",
"ID": "CVE-2021-34622",
"STATE": "PUBLIC",
"TITLE": "ProfilePress 3.0 - 3.1.3 - Authenticated Privilege Escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ProfilePress",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "3.0.0 - 3.1.3",
"version_value": "3.0.0 - 3.1.3"
}
]
}
}
]
},
"vendor_name": "ProfilePress"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland, Wordfence"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versions 3.0.0 - 3.1.3. ."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/blog/2021/06/easily-exploitable-critical-vulnerabilities-patched-in-profilepress-plugin/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/06/easily-exploitable-critical-vulnerabilities-patched-in-profilepress-plugin/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 3.1.4 or higher."
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2021-34622",
"datePublished": "2021-07-07T12:20:58.388Z",
"dateReserved": "2021-06-10T00:00:00.000Z",
"dateUpdated": "2024-10-15T19:10:53.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34745 (GCVE-0-2021-34745)
Vulnerability from cvelistv5 – Published: 2021-08-18 19:50 – Updated: 2024-11-07 22:03
VLAI
Title
AppDynamics .NET Agent Privilege Escalation Vulnerability
Summary
A vulnerability in the AppDynamics .NET Agent for Windows could allow an attacker to leverage an authenticated, local user account to gain SYSTEM privileges. This vulnerability is due to the .NET Agent Coordinator Service executing code with SYSTEM privileges. An attacker with local access to a device that is running the vulnerable agent could create a custom process that would be launched with those SYSTEM privileges. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system. This vulnerability is fixed in AppDynamics .NET Agent Release 21.7.
Severity
7.8 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.appdynamics.com/display/PAA/Security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | AppDynamics .NET Agent for Windows |
Affected:
unspecified , < 21.7
(custom)
|
Date Public
2021-08-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:48.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+AppDynamics+.NET+Agent+Privilege+Escalation+Vulnerability"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:43:26.020075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T22:03:35.792Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AppDynamics .NET Agent for Windows",
"vendor": "Cisco",
"versions": [
{
"lessThan": "21.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-08-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the AppDynamics .NET Agent for Windows could allow an attacker to leverage an authenticated, local user account to gain SYSTEM privileges. This vulnerability is due to the .NET Agent Coordinator Service executing code with SYSTEM privileges. An attacker with local access to a device that is running the vulnerable agent could create a custom process that would be launched with those SYSTEM privileges. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system. This vulnerability is fixed in AppDynamics .NET Agent Release 21.7."
}
],
"exploits": [
{
"lang": "en",
"value": "AppDynamics is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T19:50:12.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+AppDynamics+.NET+Agent+Privilege+Escalation+Vulnerability"
}
],
"source": {
"advisory": "appd-sa-dotnet-privesc",
"discovery": "INTERNAL"
},
"title": "AppDynamics .NET Agent Privilege Escalation Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-08-18T15:40:00.000Z",
"ID": "CVE-2021-34745",
"STATE": "PUBLIC",
"TITLE": "AppDynamics .NET Agent Privilege Escalation Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AppDynamics .NET Agent for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "21.7"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the AppDynamics .NET Agent for Windows could allow an attacker to leverage an authenticated, local user account to gain SYSTEM privileges. This vulnerability is due to the .NET Agent Coordinator Service executing code with SYSTEM privileges. An attacker with local access to a device that is running the vulnerable agent could create a custom process that would be launched with those SYSTEM privileges. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system. This vulnerability is fixed in AppDynamics .NET Agent Release 21.7."
}
]
},
"exploit": [
{
"lang": "en",
"value": "AppDynamics is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+AppDynamics+.NET+Agent+Privilege+Escalation+Vulnerability",
"refsource": "CONFIRM",
"url": "https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+AppDynamics+.NET+Agent+Privilege+Escalation+Vulnerability"
}
]
},
"source": {
"advisory": "appd-sa-dotnet-privesc",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-34745",
"datePublished": "2021-08-18T19:50:12.469Z",
"dateReserved": "2021-06-15T00:00:00.000Z",
"dateUpdated": "2024-11-07T22:03:35.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34766 (GCVE-0-2021-34766)
Vulnerability from cvelistv5 – Published: 2021-10-06 19:45 – Updated: 2024-11-07 21:49
VLAI
Title
Cisco Smart Software Manager Privilege Escalation Vulnerability
Summary
A vulnerability in the web UI of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions. This vulnerability is due to insufficient authorization of the System User and System Operator role capabilities. An attacker could exploit this vulnerability by directly accessing a web resource. A successful exploit could allow the attacker to create, read, update, or delete records and settings in multiple functions without the necessary permissions on the web UI.
Severity
5.4 (Medium)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/C… | vendor-advisoryx_refsource_CISCO |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Smart Software Manager On-Prem |
Affected:
n/a
|
Date Public
2021-10-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:48.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20211006 Cisco Smart Software Manager Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-priv-esc-5g35cdDJ"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34766",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:40:11.954791Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:49:16.890Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Smart Software Manager On-Prem",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-10-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web UI of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions. This vulnerability is due to insufficient authorization of the System User and System Operator role capabilities. An attacker could exploit this vulnerability by directly accessing a web resource. A successful exploit could allow the attacker to create, read, update, or delete records and settings in multiple functions without the necessary permissions on the web UI."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-06T19:45:53.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20211006 Cisco Smart Software Manager Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-priv-esc-5g35cdDJ"
}
],
"source": {
"advisory": "cisco-sa-ssm-priv-esc-5g35cdDJ",
"defect": [
[
"CSCvz05241"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Smart Software Manager Privilege Escalation Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-10-06T16:00:00",
"ID": "CVE-2021-34766",
"STATE": "PUBLIC",
"TITLE": "Cisco Smart Software Manager Privilege Escalation Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Smart Software Manager On-Prem",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web UI of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions. This vulnerability is due to insufficient authorization of the System User and System Operator role capabilities. An attacker could exploit this vulnerability by directly accessing a web resource. A successful exploit could allow the attacker to create, read, update, or delete records and settings in multiple functions without the necessary permissions on the web UI."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "5.4",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20211006 Cisco Smart Software Manager Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-priv-esc-5g35cdDJ"
}
]
},
"source": {
"advisory": "cisco-sa-ssm-priv-esc-5g35cdDJ",
"defect": [
[
"CSCvz05241"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-34766",
"datePublished": "2021-10-06T19:45:53.961Z",
"dateReserved": "2021-06-15T00:00:00.000Z",
"dateUpdated": "2024-11-07T21:49:16.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34810 (GCVE-0-2021-34810)
Vulnerability from cvelistv5 – Published: 2021-06-18 03:00 – Updated: 2024-09-16 16:14
VLAI
Summary
Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.
Severity
9.9 (Critical)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.synology.com/security/advisory/Synolo… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Synology | Download Station |
Affected:
unspecified , < 3.8.16-3566
(custom)
|
Date Public
2021-06-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:53.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_21_11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Download Station",
"vendor": "Synology",
"versions": [
{
"lessThan": "3.8.16-3566",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-18T03:00:22.000Z",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_21_11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2021-06-17T07:09:26.463950",
"ID": "CVE-2021-34810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Download Station",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "3.8.16-3566"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors."
}
]
},
"impact": {
"cvss": {
"baseScore": "9.9",
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/security/advisory/Synology_SA_21_11",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_21_11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2021-34810",
"datePublished": "2021-06-18T03:00:22.755Z",
"dateReserved": "2021-06-16T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:14:21.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36207 (GCVE-0-2021-36207)
Vulnerability from cvelistv5 – Published: 2022-04-29 16:39 – Updated: 2024-09-17 00:11
VLAI
Title
Metasys privilege management
Summary
Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator.
Severity
8.8 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.johnsoncontrols.com/cyber-solutions/s… | x_refsource_CONFIRM |
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | third-party-advisoryx_refsource_CERT |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Johnson Controls | Metasys ADS/ADX/OAS server |
Affected:
All 10 versions , < 10.1.5
(custom)
Affected: All 11 versions , < 11.0.2 (custom) |
Date Public
2022-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:50.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"name": "ICS-CERT Advisory",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-118-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasys ADS/ADX/OAS server",
"vendor": "Johnson Controls",
"versions": [
{
"lessThan": "10.1.5",
"status": "affected",
"version": "All 10 versions",
"versionType": "custom"
},
{
"lessThan": "11.0.2",
"status": "affected",
"version": "All 11 versions",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-29T16:39:14.000Z",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"name": "ICS-CERT Advisory",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-118-01"
}
],
"solutions": [
{
"lang": "en",
"value": "Update all Metasys ADS/ADX/OAS Servers versions 10 with patch 10.1.5"
},
{
"lang": "en",
"value": "Update all Metasys ADS/ADX/OAS Servers versions 11 with patch 11.0.2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Metasys privilege management",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productsecurity@jci.com",
"DATE_PUBLIC": "2022-04-28T18:39:00.000Z",
"ID": "CVE-2021-36207",
"STATE": "PUBLIC",
"TITLE": "Metasys privilege management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasys ADS/ADX/OAS server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "All 10 versions",
"version_value": "10.1.5"
},
{
"version_affected": "\u003c",
"version_name": "All 11 versions",
"version_value": "11.0.2"
}
]
}
}
]
},
"vendor_name": "Johnson Controls"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
"refsource": "CONFIRM",
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"name": "ICS-CERT Advisory",
"refsource": "CERT",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-118-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update all Metasys ADS/ADX/OAS Servers versions 10 with patch 10.1.5"
},
{
"lang": "en",
"value": "Update all Metasys ADS/ADX/OAS Servers versions 11 with patch 11.0.2"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2021-36207",
"datePublished": "2022-04-29T16:39:14.893Z",
"dateReserved": "2021-07-06T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:11:33.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36302 (GCVE-0-2021-36302)
Vulnerability from cvelistv5 – Published: 2022-02-09 20:00 – Updated: 2024-09-16 20:37
VLAI
Summary
All Dell EMC Integrated System for Microsoft Azure Stack Hub versions contain a privilege escalation vulnerability. A remote malicious user with standard level JEA credentials may potentially exploit this vulnerability to elevate privileges and take over the system.
Severity
9.9 (Critical)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00019116… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | Dell EMC Integrated System for Microsoft Azure Stack Hub |
Affected:
unspecified , < Dell EMC 2204
(custom)
|
Date Public
2021-09-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:51.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000191165/dsa-2021-178-dell-emc-integrated-solution-for-microsoft-azure-stack-hub-security-update-for-a-just-enough-administration-jea-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dell EMC Integrated System for Microsoft Azure Stack Hub",
"vendor": "Dell",
"versions": [
{
"lessThan": "Dell EMC 2204",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "All Dell EMC Integrated System for Microsoft Azure Stack Hub versions contain a privilege escalation vulnerability. A remote malicious user with standard level JEA credentials may potentially exploit this vulnerability to elevate privileges and take over the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-09T20:00:14.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000191165/dsa-2021-178-dell-emc-integrated-solution-for-microsoft-azure-stack-hub-security-update-for-a-just-enough-administration-jea-vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-09-01",
"ID": "CVE-2021-36302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell EMC Integrated System for Microsoft Azure Stack Hub",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Dell EMC 2204"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All Dell EMC Integrated System for Microsoft Azure Stack Hub versions contain a privilege escalation vulnerability. A remote malicious user with standard level JEA credentials may potentially exploit this vulnerability to elevate privileges and take over the system."
}
]
},
"impact": {
"cvss": {
"baseScore": 9.9,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000191165/dsa-2021-178-dell-emc-integrated-solution-for-microsoft-azure-stack-hub-security-update-for-a-just-enough-administration-jea-vulnerability",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000191165/dsa-2021-178-dell-emc-integrated-solution-for-microsoft-azure-stack-hub-security-update-for-a-just-enough-administration-jea-vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2021-36302",
"datePublished": "2022-02-09T20:00:14.155Z",
"dateReserved": "2021-07-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:37:45.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36307 (GCVE-0-2021-36307)
Vulnerability from cvelistv5 – Published: 2021-11-20 01:40 – Updated: 2024-09-16 16:13
VLAI
Summary
Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege escalation vulnerability. A malicious low privileged user with specific access to the API could potentially exploit this vulnerability to gain admin privileges on the affected system.
Severity
8.8 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/000193076 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | Networking OS |
Affected:
unspecified , < OS10 10.4.3.8,OS10 10.5.0.6C3,OS10 10.5.0.10,OS10 10.5.1.10,OS10 10.5.2.8,OS10 10.5.3.0P1,OS10 10.5.2.3kcc
(custom)
|
Date Public
2021-11-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:51.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000193076"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Networking OS",
"vendor": "Dell",
"versions": [
{
"lessThan": "OS10 10.4.3.8,OS10 10.5.0.6C3,OS10 10.5.0.10,OS10 10.5.1.10,OS10 10.5.2.8,OS10 10.5.3.0P1,OS10 10.5.2.3kcc",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege escalation vulnerability. A malicious low privileged user with specific access to the API could potentially exploit this vulnerability to gain admin privileges on the affected system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-20T01:40:18.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000193076"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-11-01",
"ID": "CVE-2021-36307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Networking OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "OS10 10.4.3.8,OS10 10.5.0.6C3,OS10 10.5.0.10,OS10 10.5.1.10,OS10 10.5.2.8,OS10 10.5.3.0P1,OS10 10.5.2.3kcc"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege escalation vulnerability. A malicious low privileged user with specific access to the API could potentially exploit this vulnerability to gain admin privileges on the affected system."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000193076",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000193076"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2021-36307",
"datePublished": "2021-11-20T01:40:19.082Z",
"dateReserved": "2021-07-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:13:31.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-1
Phases: Architecture and Design, Operation
Description:
- Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation ID: MIT-48
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation ID: MIT-49
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.