SB2021030106 - Privilege escalation in ProSoft Technology ICX35




Published: March 1, 2021

Security Bulletin ID: SB2021030106
CSH Severity: High
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact

Breakdown by Severity

High 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-22661)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists because changing the password on the module webpage does not require the user to type in the current password first. A remote attacker can change the current user’s password and alter device configurations.
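
The flaw class described above, shown as an added sketch (not ProSoft's firmware code, whose implementation this bulletin does not describe): a password-change routine that trusts the request alone, beside one that requires the current password and caps failed attempts. The `Accounts` class, its method names and `MAX_FAILURES` are hypothetical.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3  # assumed limit; keeps the form from becoming a guessing oracle


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Accounts:
    """Constructed in-memory credential store standing in for a device's."""

    def __init__(self):
        self._creds = {}     # user -> (salt, derived key)
        self._failures = {}  # user -> failed current-password checks

    def set_password(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._creds[user] = (salt, _derive(password, salt))
        self._failures[user] = 0

    def check(self, user: str, password: str) -> bool:
        record = self._creds.get(user)
        if record is None:
            return False
        salt, key = record
        return hmac.compare_digest(key, _derive(password, salt))

    def change_unverified(self, session_user: str, new: str) -> bool:
        # Flawed pattern: the current password is never asked for,
        # so the request alone is enough to replace the credential.
        self.set_password(session_user, new)
        return True

    def change_verified(self, session_user: str, current: str, new: str) -> bool:
        # Hardened pattern: the caller must prove knowledge of the
        # current password before the stored credential is replaced.
        if self._failures.get(session_user, 0) >= MAX_FAILURES:
            return False  # locked until reset by an administrator or timer
        if not self.check(session_user, current):
            self._failures[session_user] = self._failures.get(session_user, 0) + 1
            return False
        self.set_password(session_user, new)
        return True
```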


Remediation

Install the update from the vendor's website.