Handler on Duty: Xavier Mertens
Threat Level: green
Published | 2021-11-30 19:15:00 |
---|---|
Last Modified | 2021-12-01 19:46:00 |
AKA | CVE-2021-26612 |
Summary | An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform. Remote attackers use copy method to execute arbitrary command after the file creation included malicious code. |
CVSS Score | 7.5 |
Access Vector | Local | Adjacent | Network |
---|---|---|---|
Access Complexity | Low | Medium | High |
Authentication | None | Single | Multiple |
Confidentiality | None | Partial | Complete |
Integrity | None | Partial | Complete |
Availability | None | Partial | Complete |