Vulnerability Details CVE-2021-35231
As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path: "Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kiwi Syslog Server\Parameters\Application".
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.8%
CVSS Severity
CVSS v3 Score 6.7
CVSS v2 Score 4.6
References
- https://documentation.solarwinds.com/en/success_center/kss/content/release_notes/kss_9-8_release_notes.htm
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35231
- https://documentation.solarwinds.com/en/success_center/kss/content/release_notes/kss_9-8_release_notes.htm
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35231
Products affected by CVE-2021-35231
-
cpe:2.3:a:solarwinds:kiwi_syslog_server:-
-
cpe:2.3:a:solarwinds:kiwi_syslog_server:9.5
-
cpe:2.3:a:solarwinds:kiwi_syslog_server:9.5.1
-
cpe:2.3:a:solarwinds:kiwi_syslog_server:9.5.2
-
cpe:2.3:a:solarwinds:kiwi_syslog_server:9.6.1
-
cpe:2.3:a:solarwinds:kiwi_syslog_server:9.6.2
-
cpe:2.3:a:solarwinds:kiwi_syslog_server:9.6.3
-
cpe:2.3:a:solarwinds:kiwi_syslog_server:9.6.5
-
cpe:2.3:a:solarwinds:kiwi_syslog_server:9.6.6
-
cpe:2.3:a:solarwinds:kiwi_syslog_server:9.6.7
-
cpe:2.3:a:solarwinds:kiwi_syslog_server:9.7
-
cpe:2.3:a:solarwinds:kiwi_syslog_server:9.7.1
-
cpe:2.3:a:solarwinds:kiwi_syslog_server:9.7.2