nvd-json-data-feeds/CVE-2021/CVE-2021-317xx/CVE-2021-31769.json

{
  "id": "CVE-2021-31769",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2021-06-21T11:15:07.797",
  "lastModified": "2021-06-28T13:59:00.683",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\\MyQ\\PHP\\Sessions directory. The \"Select server file\" feature is only intended for administrators but actually does not require authorization. An attacker can inject arbitrary OS commands (such as commands to create new .php files) via the Task Scheduler component."
    },
    {
      "lang": "es",
      "value": "MyQ Server en MyQ X Smart versiones anteriores a 8.2, permite una ejecuci\u00f3n de c\u00f3digo remota por parte de usuarios no privilegiados porque los datos de la sesi\u00f3n administrativa pueden ser le\u00eddos en el directorio %PROGRAMFILES%\\MyQ\\PHP\\Sessions. La funcionalidad \"Select server file\" est\u00e1 destinada \u00fanicamente a administradores, pero en realidad no requiere autorizaci\u00f3n. Un atacante puede inyectar comandos arbitrarios del Sistema Operativo (como comandos para crear nuevos archivos .php) por medio del componente Task Scheduler"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:myq-solution:myq_server:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "8.2",
              "matchCriteriaId": "D171CDFE-0B54-4816-B407-BA332A4F23B5"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://gist.github.com/bc0d3/6d55866a78f66569383241406e18794f",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}