CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-41583

vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the interaction of QR codes with an exec that uses the -r option. This can be leveraged to obtain additional VPN access.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.9%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 9.0

References

Products affected by CVE-2021-41583

Eduvpn » Vpn-User-Portal » Version: 2.3.10

cpe:2.3:a:eduvpn:vpn-user-portal:2.3.10
Eduvpn » Vpn-User-Portal » Version: 2.3.11

cpe:2.3:a:eduvpn:vpn-user-portal:2.3.11
Eduvpn » Vpn-User-Portal » Version: 2.3.12

cpe:2.3:a:eduvpn:vpn-user-portal:2.3.12
Eduvpn » Vpn-User-Portal » Version: 2.3.13

cpe:2.3:a:eduvpn:vpn-user-portal:2.3.13
Eduvpn » Vpn-User-Portal » Version: 2.3.2

cpe:2.3:a:eduvpn:vpn-user-portal:2.3.2
Eduvpn » Vpn-User-Portal » Version: 2.3.3

cpe:2.3:a:eduvpn:vpn-user-portal:2.3.3
Eduvpn » Vpn-User-Portal » Version: 2.3.4

cpe:2.3:a:eduvpn:vpn-user-portal:2.3.4
Eduvpn » Vpn-User-Portal » Version: 2.3.5

cpe:2.3:a:eduvpn:vpn-user-portal:2.3.5
Eduvpn » Vpn-User-Portal » Version: 2.3.6

cpe:2.3:a:eduvpn:vpn-user-portal:2.3.6
Eduvpn » Vpn-User-Portal » Version: 2.3.7

cpe:2.3:a:eduvpn:vpn-user-portal:2.3.7
Eduvpn » Vpn-User-Portal » Version: 2.3.8

cpe:2.3:a:eduvpn:vpn-user-portal:2.3.8
Eduvpn » Vpn-User-Portal » Version: 2.3.9

cpe:2.3:a:eduvpn:vpn-user-portal:2.3.9
Debian » Debian Linux » Version: 10.0

cpe:2.3:o:debian:debian_linux:10.0
Debian » Debian Linux » Version: 11.0

cpe:2.3:o:debian:debian_linux:11.0
Fedoraproject » Fedora » Version: N/A

cpe:2.3:o:fedoraproject:fedora:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-41583

Products

Pricing

Contact Us