CVE-2021-44159

CRITICAL

9.8

Description

4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker can upload arbitrary files including webshell files without authentication and execute arbitrary code in order to perform arbitrary system operations or deny of service attack.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published12/20/2021

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

4mosan:gcb_doctor

Weaknesses (CWE)

CWE-434

References

https://www.twcert.org.tw/tw/cp-132-5395-eee40-1.html(twcert@cert.org.tw)

https://www.twcert.org.tw/tw/cp-132-5395-eee40-1.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.