Lucene search

K
cveMitreCVE-2021-42324
HistoryApr 05, 2022 - 2:15 a.m.

CVE-2021-42324

2022-04-0502:15:06
CWE-78
mitre
web.nvd.nist.gov
49
cve-2021-42324
dcn
digital china networks
s4600-10p-si
r0241.0470
security vulnerability
improper parameter validation
sandbox escape
authenticated attacker
system command execution
shell metacharacters

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

28.0%

An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authenticated attacker to escape the sandbox environment and execute system commands as root via shell metacharacters in the capture command parameters. Command output will be shown on the Serial interface of the device. Exploitation requires both credentials and physical access.

Affected configurations

Nvd
Node
dcnglobals4600-10p-siMatch-
AND
dcnglobals4600-10p-si_firmwareRanger0241.0370r0241.0470
VendorProductVersionCPE
dcnglobals4600-10p-si-cpe:2.3:h:dcnglobal:s4600-10p-si:-:*:*:*:*:*:*:*
dcnglobals4600-10p-si_firmware*cpe:2.3:o:dcnglobal:s4600-10p-si_firmware:*:*:*:*:*:*:*:*

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

28.0%

Related for CVE-2021-42324