CVE-2021-29100
CVE-2021-29100 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A path traversal vulnerability exists in Esri ArcGIS Earth versions 1.11.0 and below which allows arbitrary file creation on an affected system through crafted input. An attacker could exploit this vulnerability to gain arbitrary code execution under the security context of the user running ArcGIS Earth by inducing the user to upload a crafted file to an affected system. EPSS estimates a 1.14% chance of exploitation in the next 30 days.
Description
A path traversal vulnerability exists in Esri ArcGIS Earth versions 1.11.0 and below which allows arbitrary file creation on an affected system through crafted input. An attacker could exploit this vulnerability to gain arbitrary code execution under the security context of the user running ArcGIS Earth by inducing the user to upload a crafted file to an affected system.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Esri | ArcGIS Earth | <= 1.11.0 |
References
- https://www.esri.com/arcgis-blog/products/arcgis-earth/administration/arcgis-earth-security-update (Release Notes, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
