Unquoted Path (SMB Login) Vulnerability
CVE-2021-35231

6.7MEDIUM

Key Information:

Vendor: Solarwinds
Status: Kiwi Syslog Server
Vendor: CVE Published:; 19 October 2021

What is CVE-2021-35231?

As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path: "Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kiwi Syslog Server\Parameters\Application".

Affected Version(s)

Kiwi Syslog Server 9.7.2 and previous versions < 9.8

References

https://www.solarwinds.com/trust-center/security-advisori...

x_refsource_MISC

https://documentation.solarwinds.com/en/success_center/ks...

x_refsource_MISC

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 19, 2021
Vulnerability Reserved
Jun 22, 2021

JSON

Solarwinds

What is CVE-2021-35231?

Affected Version(s)

References

CVSS V3.1

Timeline