Vulnerability Details CVE-2021-27197
DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn't check if it's being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page (e.g., with "OBJECT classid=" and "<SCRIPT language='vbscript'>") to overwrite arbitrary files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.4%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 8.8
Products affected by CVE-2021-27197
- cpe:2.3:a:pelco:digital_sentry_server:4.1.036
- cpe:2.3:a:pelco:digital_sentry_server:6.8.2119
- cpe:2.3:a:pelco:digital_sentry_server:6.8.22
- cpe:2.3:a:pelco:digital_sentry_server:7.0.08
- cpe:2.3:a:pelco:digital_sentry_server:7.0.24
- cpe:2.3:a:pelco:digital_sentry_server:7.0.41
- cpe:2.3:a:pelco:digital_sentry_server:7.0.70
- cpe:2.3:a:pelco:digital_sentry_server:7.0.71
- cpe:2.3:a:pelco:digital_sentry_server:7.1.47
- cpe:2.3:a:pelco:digital_sentry_server:7.1.90
- cpe:2.3:a:pelco:digital_sentry_server:7.10.247.10443
- cpe:2.3:a:pelco:digital_sentry_server:7.11.269.10591
- cpe:2.3:a:pelco:digital_sentry_server:7.12.156.10692
- cpe:2.3:a:pelco:digital_sentry_server:7.14.133.10849
- cpe:2.3:a:pelco:digital_sentry_server:7.15.70.11007
- cpe:2.3:a:pelco:digital_sentry_server:7.16.69.11093
- cpe:2.3:a:pelco:digital_sentry_server:7.17.136.11334
- cpe:2.3:a:pelco:digital_sentry_server:7.18.72.11464
- cpe:2.3:a:pelco:digital_sentry_server:7.19.57.11527
- cpe:2.3:a:pelco:digital_sentry_server:7.2.30
- cpe:2.3:a:pelco:digital_sentry_server:7.2.46
- cpe:2.3:a:pelco:digital_sentry_server:7.3.208
- cpe:2.3:a:pelco:digital_sentry_server:7.3.54
- cpe:2.3:a:pelco:digital_sentry_server:7.4.149.7253
- cpe:2.3:a:pelco:digital_sentry_server:7.4.320.7640
- cpe:2.3:a:pelco:digital_sentry_server:7.4.363.7915
- cpe:2.3:a:pelco:digital_sentry_server:7.5.609.8802
- cpe:2.3:a:pelco:digital_sentry_server:7.6.32.9203
- cpe:2.3:a:pelco:digital_sentry_server:7.7.309.9631
- cpe:2.3:a:pelco:digital_sentry_server:7.7.313.9650
- cpe:2.3:a:pelco:digital_sentry_server:7.8.90.9835
- cpe:2.3:a:pelco:digital_sentry_server:7.8.91.9869
- cpe:2.3:a:pelco:digital_sentry_server:7.9
- cpe:2.3:a:pelco:digital_sentry_server:7.9.148.10001
- cpe:2.3:a:pelco:digital_sentry_server:7.9.154.10969