CVE-2021-28271

September 23, 2021

Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the ‘F’ flag (Full) for ‘Everyone’and ‘Authenticated Users’ group.

Summary:

Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the ‘F’ flag (Full) for ‘Everyone’and ‘Authenticated Users’ group.

Reference Links(if available):

  • https://www.exploit-db.com/exploits/49678
  • https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5633.php
  • https://www.zeroscience.mk/en/vulnerabilities

  • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P

    v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Links to Exploits(if available)

  • You may have missed

    CISA Logo

    CISA: Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation

    November 22, 2024
    CISA Logo

    CISA: JCDC’s Industry-Government Collaboration Speeds Mitigation of CrowdStrike IT Outage

    November 22, 2024
    CISA Logo

    CISA: CISA Releases Three Industrial Control Systems Advisories

    November 22, 2024
    CISA Logo

    CISA: CISA Releases Four Industrial Control Systems Advisories

    November 22, 2024
    CISA Logo

    CISA: Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments

    November 22, 2024