CVE-2021-27197
CVE-2021-27197 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn't check if it's being called from the application or from a malicious user. EPSS estimates a 0.79% chance of exploitation in the next 30 days.
Description
DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn't check if it's being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page (e.g., with "OBJECT classid=" and "<SCRIPT language='vbscript'>") to overwrite arbitrary files.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Pelco | Digital Sentry Server | < 7.19.67 |
References
- https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server_AFW.txt (Exploit, Third Party Advisory)
- https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history (Release Notes, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
