Vulnerability Details CVE-2021-37364
OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.2%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 9.3
References
- https://sourceforge.net/projects/open-clinic/
- https://sourceforge.net/projects/open-clinic/files/latest/download
- https://www.exploit-db.com/exploits/50448
- https://sourceforge.net/projects/open-clinic/
- https://sourceforge.net/projects/open-clinic/files/latest/download
- https://www.exploit-db.com/exploits/50448
Products affected by CVE-2021-37364
-
cpe:2.3:a:openclinic_ga_project:openclinic_ga:5.194.18