nvd-json-data-feeds/CVE-2021/CVE-2021-410xx/CVE-2021-41067.json

{
  "id": "CVE-2021-41067",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2021-12-14T16:15:09.103",
  "lastModified": "2021-12-17T18:39:40.447",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Listary through 6. Improper implementation of the update process leads to the download of software updates with a /check-update HTTP-based connection. This can be exploited with MITM techniques. Together with the lack of package validation, it can lead to manipulation of update packages that can cause an installation of malicious content."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en Listary versiones hasta 6. La implementaci\u00f3n inapropiada del proceso de actualizaci\u00f3n conduce a la descarga de actualizaciones de software con una conexi\u00f3n basada en HTTP /check-update. Esto puede ser explotado con t\u00e9cnicas de tipo MITM. Junto con la falta de comprobaci\u00f3n de paquetes, puede llevar a la manipulaci\u00f3n de los paquetes de actualizaci\u00f3n que puede causar una instalaci\u00f3n de contenido malicioso"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "accessVector": "NETWORK",
          "accessComplexity": "HIGH",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-354"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:listary:listary:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "6",
              "matchCriteriaId": "EAE1DA9A-E743-47E1-AB4E-4BBD974DBE20"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://medium.com/@tomerp_77017/exploiting-listary-searching-your-way-to-system-privileges-8175af676c3e",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://www.listary.com/download",
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}