The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker (with permissions to add or edit jobs run by this utility) can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-09-17T14:45:53
Updated: 2024-08-04T03:08:31.942Z
Reserved: 2021-09-17T00:00:00
Link: CVE-2021-41316
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-09-17T15:15:07.957
Modified: 2024-11-21T06:26:02.520
Link: CVE-2021-41316
Redhat
No data.