CVE-2021-33721
Last modified
CVE-2021-33721 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). The affected application incorrectly neutralizes special elements when creating batch operations which could lead to command injection. EPSS estimates a 2.67% chance of exploitation in the next 30 days.
Description
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). The affected application incorrectly neutralizes special elements when creating batch operations which could lead to command injection. An authenticated remote attacker with administrative privileges could exploit this vulnerability to execute arbitrary code on the system with system privileges.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Sinec Network Management System | < 1.0 |
| Siemens | Sinec Network Management System | 1.0 |
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-756744.pdfPatch, Vendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-756744.pdfPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-33721?
How severe is CVE-2021-33721?
How do I fix CVE-2021-33721?
Are you affected by CVE-2021-33721?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST