CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-37444

NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt Autodial function.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 77.7%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

https://github.com/0xfml/poc/blob/main/NCH/IVM_5.12_RCE.md
https://www.nch.com.au/ivm/index.html
https://github.com/0xfml/poc/blob/main/NCH/IVM_5.12_RCE.md
https://www.nch.com.au/ivm/index.html

Products affected by CVE-2021-37444

Nchsoftware » Ivm Attendant » Version: 5.12

cpe:2.3:a:nchsoftware:ivm_attendant:5.12

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-37444

Products

Pricing

Contact Us