CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-41316

The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker (with permissions to add or edit jobs run by this utility) can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.01

EPSS Ranking 75.7%

CVSS Severity

CVSS v3 Score 8.1

CVSS v2 Score 8.5

References

https://blog.device42.com/2021/09/critical-fixes-in-17-05-01/
https://docs.device42.com/auto-discovery/nmap-autodiscovery/
https://docs.device42.com/auto-discovery/remote-collector-rc/
https://blog.device42.com/2021/09/critical-fixes-in-17-05-01/
https://docs.device42.com/auto-discovery/nmap-autodiscovery/
https://docs.device42.com/auto-discovery/remote-collector-rc/

Products affected by CVE-2021-41316

Device42 » Device42 » Version: N/A

cpe:2.3:a:device42:device42:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-41316

Products

Pricing

Contact Us