Input validation error - CVE-2021-35108

 

Input validation error - CVE-2021-35108

Published: June 7, 2022 / Updated: August 2, 2022


Vulnerability identifier: #VU64041
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-35108
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor:
Affected software:

Detailed vulnerability description

The vulnerability allows a local attacker to execute arbitrary code on the system.

The vulnerability exists due to improper checking of AP-S lock bit while verifying the secure resource group permissions in Core. An attacker with physical access can pass specially crafted input to the application and execute arbitrary code on the target system.


How to mitigate CVE-2021-35108

Install updates from vendor's website.

Sources