admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-335xx/CVE-2021-33526.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

135 lines
4.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-33526",
"sourceIdentifier": "info@cert.vde.com",
"published": "2021-08-02T11:15:11.223",
"lastModified": "2021-08-10T17:36:30.123",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service."
},
{
"lang": "es",
"value": "En MB connect line mbDIALUP versiones anteriores a 3.9R0.0 incluy\u00e9ndola, un atacante local con pocos privilegios puede enviar un comando al servicio que se ejecuta con NT AUTHORITY\\SYSTEM indic\u00e1ndole que ejecute una configuraci\u00f3n OpenVPN maliciosa resultando en una ejecuci\u00f3n de c\u00f3digo arbitrario con los privilegios del servicio"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "info@cert.vde.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2
},
"baseSeverity": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
},
{
"source": "info@cert.vde.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mbconnectline:mbdialup:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.9r0.0",
"matchCriteriaId": "C0769704-3781-41C1-B70E-AE4B53CDFCA6"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/de-de/advisories/vde-2021-017",
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink