A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process; this information collection executes multiple commands and summarizes the information into XML. This function and the subsequent process give the full path to the executable and are therefore vulnerable to binary hijacking.
References
| Link | Resource |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-189-02 | Mitigation, Third Party Advisory, US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2022-04-01T22:17:08
Updated: 2022-04-01T22:17:08
Reserved: 2021-05-13T00:00:00
Link: CVE-2021-32957
NVD Information
Status: Analyzed
Published: 2022-04-01T23:15:09.757
Modified: 2022-04-11T17:19:06.740
Link: CVE-2021-32957
Redhat Information
No data.
CWE