CVE-2021-42338

CRITICAL

9.8

Description

4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the system or interrupt services by upload and execution of arbitrary files.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie11/19/2021

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

4mosan:gcb_doctor

Faiblesses (CWE)

CWE-285CWE-287

References

https://www.twcert.org.tw/tw/cp-132-5313-45bde-1.html(twcert@cert.org.tw)

https://www.twcert.org.tw/tw/cp-132-5313-45bde-1.html(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.