Insecure Temporary File Permissions in Splashtop Remote Client Business Edition
CVE-2021-42714

7.8HIGH

Key Information:

Vendor: Splashtop
Status: Splashtop
Vendor: CVE Published:; 15 February 2022

What is CVE-2021-42714?

The Splashtop Remote Client (Business Edition) prior to version 3.4.8.3 contains a vulnerability that allows for the creation of a temporary file within a directory that has insecure permissions. This flaw could potentially be exploited to execute unauthorized actions, compromising the security of the system and exposing sensitive data. Users of affected versions are encouraged to upgrade to mitigate the risk associated with this vulnerability.

References

https://www.splashtop.com/security

x_refsource_MISC

https://github.com/mandiant/Vulnerability-Disclosures/blo...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 15, 2022
Vulnerability Reserved
Oct 19, 2021