Lucene search

TalosCVE-2021-40388

HistoryJan 28, 2022 - 8:15 p.m.

CVE-2021-40388

2022-01-2820:15:11

CWE-276

talos

web.nvd.nist.gov

cve-2021-40388

privilege escalation

advantech sq manager server

vulnerability

nt system

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

17.8%

JSON

A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.

Affected configurations

Nvd

Node

advantechsq_managerMatch1.0.6

VendorProductVersionCPE
advantechsq_manager1.0.6cpe:2.3:a:advantech:sq_manager:1.0.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
advantech	sq_manager	1.0.6	cpe:2.3:a:advantech:sq_manager:1.0.6:::::::*

References

talosintelligence.com/vulnerability_reports/TALOS-2021-1399

Social References

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

17.8%

JSON

Related for CVE-2021-40388