CVE-2021-28271

September 23, 2021

Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the ‘F’ flag (Full) for ‘Everyone’and ‘Authenticated Users’ group.

Summary:

Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the ‘F’ flag (Full) for ‘Everyone’and ‘Authenticated Users’ group.

Reference Links(if available):

  • https://www.exploit-db.com/exploits/49678
  • https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5633.php
  • https://www.zeroscience.mk/en/vulnerabilities

  • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P

    v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    Sliver C2

    Sliver C2 Detected – 168[.]138[.]179[.]33:31337

    May 8, 2024
    Sliver C2

    Sliver C2 Detected – 170[.]64[.]249[.]50:31337

    May 8, 2024
    alerts

    Critical Vulnerability in Tinyproxy Instances

    May 8, 2024
    image 6

    INC Ransom Ransomware Victim: Pifer’s Auction & Realty

    May 8, 2024
    image 6

    INC Ransom Ransomware Victim: It4 Solutions Robras Corp

    May 8, 2024