nvd-json-data-feeds/CVE-2021/CVE-2021-423xx/CVE-2021-42372.json

{
  "id": "CVE-2021-42372",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2021-11-08T05:15:07.827",
  "lastModified": "2022-09-03T03:39:51.120",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service."
    },
    {
      "lang": "es",
      "value": "Una inyecci\u00f3n de comandos de shell en la comunidad HW Events SNMP en XoruX LPAR2RRD y STOR2RRD versiones anteriores a 7.30 permite a atacantes remotos autenticados ejecutar comandos de shell arbitrarios como el usuario que ejecuta el servicio"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:xorux:lpar2rrd:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "7.30",
              "matchCriteriaId": "DE900D73-0FCC-4EC3-96C8-B8EF6E7E080C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:xorux:stor2rrd:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "7.30",
              "matchCriteriaId": "9A2AFD8C-75D4-417D-ABE5-E8383D316645"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-xfw3-pgp3-5j2p",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://lpar2rrd.com/note730.php",
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://stor2rrd.com/note730.php",
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ]
    }
  ]
}