VEXID-138274
Published 2021-12-01 02:15:00
Last Modified 2021-12-02 13:37:00
AKA CVE-2021-43359
Summary Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services.
CVSS Score 9
CVSS
Access Vector Local Adjacent Network
Access Complexity Low Medium High
Authentication None Single Multiple
Confidentiality None Partial Complete
Integrity None Partial Complete
Availability None Partial Complete