Vulnerability Details CVE-2021-42257
check_smart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path (the /dev/bus substring and a number), aka an unanchored regular expression.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.5%
CVSS Severity
CVSS v3 Score 7.1
CVSS v2 Score 3.6
References
- http://www.openwall.com/lists/oss-security/2021/10/14/2
- https://bugzilla.suse.com/show_bug.cgi?id=1183057
- https://nvd.nist.gov/vuln/detail/CVE-2021-42257
- https://www.claudiokuenzler.com/blog/1068/check_smart-6.9.1-security-fix-release-pseudo-device-path
- https://www.claudiokuenzler.com/monitoring-plugins/check_smart.php
- http://www.openwall.com/lists/oss-security/2021/10/14/2
- https://bugzilla.suse.com/show_bug.cgi?id=1183057
- https://nvd.nist.gov/vuln/detail/CVE-2021-42257
- https://www.claudiokuenzler.com/blog/1068/check_smart-6.9.1-security-fix-release-pseudo-device-path
- https://www.claudiokuenzler.com/monitoring-plugins/check_smart.php
Products affected by CVE-2021-42257
-
cpe:2.3:a:check_smart_project:check_smart:-
-
cpe:2.3:a:check_smart_project:check_smart:1.0
-
cpe:2.3:a:check_smart_project:check_smart:2.0
-
cpe:2.3:a:check_smart_project:check_smart:2.1
-
cpe:2.3:a:check_smart_project:check_smart:3.0
-
cpe:2.3:a:check_smart_project:check_smart:3.1
-
cpe:2.3:a:check_smart_project:check_smart:3.2
-
cpe:2.3:a:check_smart_project:check_smart:3.3
-
cpe:2.3:a:check_smart_project:check_smart:4.0
-
cpe:2.3:a:check_smart_project:check_smart:4.1
-
cpe:2.3:a:check_smart_project:check_smart:4.2
-
cpe:2.3:a:check_smart_project:check_smart:5.11
-
cpe:2.3:a:check_smart_project:check_smart:5.11.1
-
cpe:2.3:a:check_smart_project:check_smart:5.2
-
cpe:2.3:a:check_smart_project:check_smart:5.8
-
cpe:2.3:a:check_smart_project:check_smart:5.9
-
cpe:2.3:a:check_smart_project:check_smart:6.2.0
-
cpe:2.3:a:check_smart_project:check_smart:6.3.0
-
cpe:2.3:a:check_smart_project:check_smart:6.4.0
-
cpe:2.3:a:check_smart_project:check_smart:6.5.0
-
cpe:2.3:a:check_smart_project:check_smart:6.6.0
-
cpe:2.3:a:check_smart_project:check_smart:6.6.1
-
cpe:2.3:a:check_smart_project:check_smart:6.7.0
-
cpe:2.3:a:check_smart_project:check_smart:6.7.1
-
cpe:2.3:a:check_smart_project:check_smart:6.8.0
-
cpe:2.3:a:check_smart_project:check_smart:6.9.0