Improper Access Control in CALDERA 2.8.1 by DrunkenShells
CVE-2021-42562

8.1HIGH

Key Information:

Vendor: Mitre
Status: Caldera
Vendor: CVE Published:; 12 January 2022

Badges

👾 Exploit Exists

What is CVE-2021-42562?

In CALDERA version 2.8.1, a vulnerability exists due to insufficient segregation of user privileges. This flaw allows non-administrative users to read and modify configuration settings and other critical components that should be restricted to administrative access. Effective security practices are compromised as unauthorized users can intervene where they shouldn’t be able to, leading to potential exploitation and data leakage.

References

https://github.com/mitre/caldera/releases

x_refsource_MISC

https://github.com/DrunkenShells/Disclosures/tree/master/...

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 10, 2024
👾
Exploit known to exist
Jun 10, 2024
Vulnerability published
Jan 12, 2022
Vulnerability Reserved
Oct 18, 2021

Mitre

Badges

What is CVE-2021-42562?

References

CVSS V3.1

Timeline