CVE-2021-42952

EPSS 2.85%
Published 25.02.2022 20:15:08
Last modified 21.11.2024 06:28:19
Source cve@mitre.org
Teams watchlist Login
Open Login

Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata services.

Affected products Warnungen 0 Metrics 3 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Zepl ≫ Zepl Version < 2021-10-25

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.85%	0.849

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

http://zepl.com

Vendor Advisory

Product

https://seclists.org/fulldisclosure/2022/Feb/32

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2021-42952

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-42952

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-42952

EUVD