CVE-2021-42338

CRITICAL

9.8

Description

4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the system or interrupt services by upload and execution of arbitrary files.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published11/19/2021

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

4mosan:gcb_doctor

Weaknesses (CWE)

CWE-285CWE-287

References

https://www.twcert.org.tw/tw/cp-132-5313-45bde-1.html(twcert@cert.org.tw)

https://www.twcert.org.tw/tw/cp-132-5313-45bde-1.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.