Vulnerability Details CVE-2021-42855
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the ".debug_command.config" file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the "/api/appInternals/1.0/agent/configuration" API to map the corresponding ID to a command to be executed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.5%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
- https://aternity.force.com/customersuccess/s/article/Local-privilege-escalation-due-to-misconfigured-write-permission-on-debug-command-config-file-CVE-2021-42855
- https://aternity.force.com/customersuccess/s/article/Local-privilege-escalation-due-to-misconfigured-write-permission-on-debug-command-config-file-CVE-2021-42855
Products affected by CVE-2021-42855
-
cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:10.0.0
-
cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:11.0.0
-
cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:12.0.0