CVE-2021-42855 Information

Description

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the .debug_command.config file to store a JSON string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the /api/appInternals/1.0/agent/configuration API to map the corresponding ID to a command to be executed.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://aternity.force.com/customersuccess/s/article/Local-privilege-escalation-due-to-misconfigured-write-permission-on-debug-command-config-file-CVE-2021-42855

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

7.8

Base Severity

HIGH
