Command Injection Vulnerability in CALDERA by MITRE
CVE-2021-42559

8.8HIGH

Key Information:

Vendor: Mitre
Status: Caldera
Vendor: CVE Published:; 12 January 2022

Badges

👾 Exploit Exists

What is CVE-2021-42559?

A vulnerability exists in CALDERA 2.8.1 where multiple startup 'requirements' can execute commands upon server initialization. Because these commands are modifiable through the REST API, an authenticated user can manipulate this feature to execute arbitrary commands by altering the necessary configurations, leading to potential unauthorized access or system manipulation.

References

https://github.com/mitre/caldera/releases

x_refsource_MISC

https://github.com/DrunkenShells/Disclosures/tree/master/...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 10, 2024
👾
Exploit known to exist
Jun 10, 2024
Vulnerability published
Jan 12, 2022
Vulnerability Reserved
Oct 18, 2021

Mitre

Badges

What is CVE-2021-42559?

References

CVSS V3.1

Timeline