Local Privilege Escalation in Erlang/OTP Prior to Version 23.2.3
CVE-2021-29221

7HIGH

Key Information:

Vendor: Erlang Project
Status: Erlang/otp
Vendor: CVE Published:; 9 April 2021

🔔 Create Erlang Project Vulnerability Alert

What is CVE-2021-29221?

A local privilege escalation issue has been identified in Erlang/OTP, which affects versions prior to 23.2.3. This vulnerability can be exploited by a local attacker through the manipulation of file permissions within an existing installation's directory. Under certain conditions on the Windows operating system, an attacker may hijack the accounts of other users running Erlang applications or compel a service operating under 'erlsrv.exe' to execute arbitrary code with Local System privileges. The exploitation of this vulnerability necessitates unsafe filesystem permissions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Erlang/OTP < 23.2.3

References

https://github.com/erlang/otp/releases/tag/OTP-23.2.3

x_refsource_MISC

https://deepsurface.com/deepsurface-security-advisory-loc...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 9, 2021
Vulnerability Reserved
Mar 25, 2021

JSON

Erlang Project

What is CVE-2021-29221?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.