Insecure File Creation in Splashtop Streamer by Splashtop
CVE-2021-42712

7.8HIGH

Key Information:

Vendor: Splashtop
Status: Streamer
Vendor: CVE Published:; 15 February 2022

What is CVE-2021-42712?

Splashtop Streamer allows the creation of temporary files in a directory with insecure permissions, leading to potential unauthorized access and exploitation. This vulnerability affects versions up to 3.4.8.3, emphasizing the need for users to ensure that directory permissions are properly configured to mitigate any risk of unauthorized file access.

References

https://www.splashtop.com/security

x_refsource_MISC

https://github.com/mandiant/Vulnerability-Disclosures/blo...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 15, 2022
Vulnerability Reserved
Oct 19, 2021