CVE-2021-38142
Last modified
CVE-2021-38142 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that tries to update Windows Sender due to the fact that the upgrade mechanism is not secured (is not protected with TLS).. EPSS estimates a 0.46% chance of exploitation in the next 30 days.
Description
Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that tries to update Windows Sender due to the fact that the upgrade mechanism is not secured (is not protected with TLS).
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Barco | Mirrorop Windows Sender | < 2.5.3.65 |
References
- https://www.barco.com/en/support/cmsVendor Advisory
- https://www.barco.com/en/support/software/R33050099?majorVersion=2&minorVersion=5&patchVersion=3&buildVersion=65Release Notes, Vendor Advisory
- https://www.barco.com/en/support/cmsVendor Advisory
- https://www.barco.com/en/support/software/R33050099?majorVersion=2&minorVersion=5&patchVersion=3&buildVersion=65Release Notes, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-38142?
How severe is CVE-2021-38142?
How do I fix CVE-2021-38142?
Are you affected by CVE-2021-38142?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST