#VU59088 Path traversal in Garrett Metal Detectors iC Module CMA - CVE-2021-21904

 


Published: December 22, 2021


Vulnerability identifier: #VU59088
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-21904
CWE-ID: CWE-22
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Garrett Metal Detectors iC Module CMA
Software vendor: Garrett Metal Detectors

Description

The vulnerability allows a local user to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing CLI setenv command arguments. A local user can run a specially crafted command to overwrite arbitrary files on the system.

Successful exploitation of the vulnerability may allow an attacker to escalate privileges on the system.


Remediation

Install the update from the vendor's website.
