7.1

CVE-2021-26274

Exploit
The Agent in NinjaRMM 5.0.909 has Insecure Permissions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NinjarmmNinjarmm Version5.0.909 SwPlatformwindows
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.37% 0.281
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
nvd@nist.gov 3.6 3.9 4.9
AV:L/AC:L/Au:N/C:N/I:P/A:P
CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://improsec.com/tech-blog/privilege-escalation-vulnerability-in-ninjarmm
Third Party Advisory
Exploit
https://www.ninjarmm.com
Vendor Advisory
Product
https://www.ninjarmm.com/blog/cve-2021-26273-cve-2021-26274/
Vendor Advisory