Command Injection in MISP Opendata Export Feature by ThreatConnect
CVE-2021-41326

9.8 CRITICAL

Key Information:

Vendor: Misp

Status
Vendor
CVE Published: 17 September 2021

What is CVE-2021-41326?

A command injection vulnerability exists in MISP (Malware Information Sharing Platform) versions prior to 2.4.148. The issue arises from improper handling of parameter data in the Opendata export functionality, specifically in the app/Lib/Export/OpendataExport.php file. Maliciously crafted input is processed unsafely, allowing the execution of arbitrary shell commands. This poses a significant risk to system integrity and confidentiality, and affected installations need prompt updates to mitigate the issue.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved