Directory Traversal Vulnerability in Luxion KeyShot and KeyVR Products
CVE-2021-22651

7.8HIGH

Key Information:

Vendor: Luxion
Status: Luxion Keyshot Versions; Luxion Keyshot Viewer; Luxion Keyshot Network Rendering; Luxion Keyvr
Vendor: CVE Published:; 23 February 2021

Summary

Luxion KeyShot and KeyVR products have a directory traversal vulnerability that can be exploited when processing specially crafted files. This flaw permits attackers to store arbitrary scripts in automatic startup folders, allowing unauthorized execution of code. Users are advised to update to version 10.1 or later to mitigate this risk.

Affected Version(s)

Luxion KeyShot versions prior to 10.1

Luxion KeyShot Network Rendering versions prior to 10.1

Luxion KeyShot Viewer versions prior to 10.1

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01

x_refsource_MISC

https://cert-portal.siemens.com/productcert/pdf/ssa-23121...

x_refsource_CONFIRM

https://www.zerodayinitiative.com/advisories/ZDI-21-324/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 23, 2021
Vulnerability Reserved
Jan 5, 2021

.

CVE-2021-22651 : Directory Traversal Vulnerability in Luxion KeyShot and KeyVR Products | SecurityVulnerability.io