CVE-2021-42559 Information

Description

An issue was discovered in CALDERA 2.8.1. It contains multiple startup equirements\ that execute commands when starting the server. Because these commands can be changed via the REST API an authenticated user can insert arbitrary commands that will execute when the server is restarted.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://github.com/mitre/caldera/releases https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-42559-Command%20Injection%20Via%20Configurations-MITRE%20Caldera

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8