CVE-2021-26625
Last modified
CVE-2021-26625 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Insufficient Verification of input Data leading to arbitrary file download and execute was discovered in Nexacro platform. This vulnerability is caused by an automatic update function that does not verify input data except version information. EPSS estimates a 0.59% chance of exploitation in the next 30 days.
Description
Insufficient Verification of input Data leading to arbitrary file download and execute was discovered in Nexacro platform. This vulnerability is caused by an automatic update function that does not verify input data except version information. Remote attackers can use this incomplete validation logic to download and execute arbitrary malicious file.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Tobesoft | Nexacro | >= 17.0.0, < 17.1.3.700 |
References
- https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66661Third Party Advisory
- https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66661Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-26625?
How severe is CVE-2021-26625?
How do I fix CVE-2021-26625?
Are you affected by CVE-2021-26625?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST