Vulnerability Details CVE-2021-42561
An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python "os.system" function. This allows attackers to use shell metacharacters (e.g., backticks "``" or dollar parenthesis "$()" ) in order to escape the current command and execute arbitrary shell commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.024
EPSS Ranking 84.3%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-42561-Command%20Injection%20Via%20the%20Human%20Plugin-MITRE%20Caldera
- https://github.com/mitre/caldera/releases
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-42561-Command%20Injection%20Via%20the%20Human%20Plugin-MITRE%20Caldera
- https://github.com/mitre/caldera/releases
Products affected by CVE-2021-42561
-
cpe:2.3:a:mitre:caldera:2.0.0
-
cpe:2.3:a:mitre:caldera:2.1.0
-
cpe:2.3:a:mitre:caldera:2.2.0
-
cpe:2.3:a:mitre:caldera:2.3.0
-
cpe:2.3:a:mitre:caldera:2.3.1
-
cpe:2.3:a:mitre:caldera:2.3.2
-
cpe:2.3:a:mitre:caldera:2.4.0
-
cpe:2.3:a:mitre:caldera:2.5.0
-
cpe:2.3:a:mitre:caldera:2.5.1
-
cpe:2.3:a:mitre:caldera:2.6.0
-
cpe:2.3:a:mitre:caldera:2.6.1
-
cpe:2.3:a:mitre:caldera:2.6.2
-
cpe:2.3:a:mitre:caldera:2.6.3
-
cpe:2.3:a:mitre:caldera:2.6.4
-
cpe:2.3:a:mitre:caldera:2.6.5
-
cpe:2.3:a:mitre:caldera:2.6.6
-
cpe:2.3:a:mitre:caldera:2.7.0
-
cpe:2.3:a:mitre:caldera:2.8.0
-
cpe:2.3:a:mitre:caldera:2.8.1