CVE-2021-29093 - OpenCVE

A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Esri	Arcgis Server

Configuration 1 [-]

cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Esri

Published: 2021-03-16T00:00:00

Updated: 2021-03-25T20:32:06

Reserved: 2021-03-23T00:00:00

Link: CVE-2021-29093

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-03-25T21:15:13.167

Modified: 2024-02-23T19:38:24.760

Link: CVE-2021-29093

JSON object: View

Redhat Information

No data.

CWE

CWE-416

{"containers": {"cna": {"affected": [{"platforms": ["x64 "], "product": "ArcGIS Server", "vendor": "Esri ", "versions": [{"lessThanOrEqual": "10.9", "status": "affected", "version": "All", "versionType": "custom"}]}], "datePublic": "2021-03-16T00:00:00", "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-25T20:32:06", "orgId": "cedc17bb-4939-4f40-a1f4-30ae8af1094e", "shortName": "Esri"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image"}], "source": {"discovery": "INTERNAL"}, "title": "ArcGIS Server image service and raster analytics security update: use-after-free", "x_generator": {"engine": "Vulnogram 0.0.8"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@esri.com", "DATE_PUBLIC": "2021-03-16T04:00:00.000Z", "ID": "CVE-2021-29093", "STATE": "PUBLIC", "TITLE": "ArcGIS Server image service and raster analytics security update: use-after-free"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ArcGIS Server", "version": {"version_data": [{"platform": "x64 ", "version_affected": "<=", "version_name": "All", "version_value": "10.9"}]}}]}, "vendor_name": "Esri "}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account."}]}, "generator": {"engine": "Vulnogram 0.0.8"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-416 Use After Free"}]}]}, "references": {"reference_data": [{"name": "https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image", "refsource": "CONFIRM", "url": "https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image"}]}, "source": {"discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "cedc17bb-4939-4f40-a1f4-30ae8af1094e", "assignerShortName": "Esri", "cveId": "CVE-2021-29093", "datePublished": "2021-03-16T00:00:00", "dateReserved": "2021-03-23T00:00:00", "dateUpdated": "2021-03-25T20:32:06", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "3ABA4B71-7460-4EA5-B432-C75B4090D1F7", "versionEndIncluding": "10.8.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account."}, {"lang": "es", "value": "Una vulnerabilidad de uso de la memoria previamente liberada cuando se analiza un archivo especialmente dise\u00f1ado en Esri ArcGIS Server versiones 10.8.1 (y anteriores), permite a un atacante autenticado con permisos especializados lograr una ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto de la cuenta de servicio"}], "id": "CVE-2021-29093", "lastModified": "2024-02-23T19:38:24.760", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "psirt@esri.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-25T21:15:13.167", "references": [{"source": "psirt@esri.com", "tags": ["Vendor Advisory"], "url": "https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image"}], "sourceIdentifier": "psirt@esri.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "psirt@esri.com", "type": "Secondary"}]}