← Back to CVEs
CVE-2021-42952
CRITICAL9.9
Description
Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata services.
CVE Details
CVSS v3.1 Score9.9
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published2/25/2022
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
zepl:zepl
References
http://zepl.com(cve@mitre.org)
https://seclists.org/fulldisclosure/2022/Feb/32(cve@mitre.org)
http://zepl.com(af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/fulldisclosure/2022/Feb/32(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.