← Volver a CVEs
CVE-2021-39392
CRITICAL9.8
Descripcion
The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado9/15/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
mylittletools:mylittlebackup
Debilidades (CWE)
CWE-502
Referencias
http://www.mylittlebackup.com/mlb/zip/mlb_1.7.zip(cve@mitre.org)
http://www.mylittlebackup.com/mlb/zip/mlb_1.7.zip(af854a3a-2127-422b-91ae-364da2661108)
https://gist.github.com/omriinbar/65827626e63f15e3e50557e2d9d61281(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.