CVE-2021-26606

EPSS 0.49%
Veröffentlicht 06.08.2021 15:15:08
Zuletzt bearbeitet 21.11.2024 05:56:34
Quelle vuln@krcert.or.kr
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A successful exploit could allow the attacker to remotely execute arbitrary code on a target system.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dreamsecurity ≫ Magicline4nx.Exe Version <= 1.0.0.17

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.49%	0.645

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
vuln@krcert.or.kr	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36174

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-26606

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-26606

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-26606

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-26606