CVE-2021-42081 - OpenCVE

An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Osnexus	Quantastor

Configuration 1 [-]

cpe:2.3:a:osnexus:quantastor:*:*:*:*:*:*:*:*

References

Link	Resource
https://csirt.divd.nl/CVE-2021-42081	Third Party Advisory
https://www.divd.nl/DIVD-2021-00020	Broken Link
https://www.osnexus.com/products/software-defined-storage	Product
https://www.wbsec.nl/osnexus	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: DIVD

Published: 2023-07-10T06:29:48.514Z

Updated: 2023-07-10T06:29:48.514Z

Reserved: 2021-10-07T17:12:57.678Z

Link: CVE-2021-42081

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-07-10T16:15:47.583

Modified: 2023-07-17T18:30:01.307

Link: CVE-2021-42081

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2021-42081", "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "state": "PUBLISHED", "assignerShortName": "DIVD", "dateReserved": "2021-10-07T17:12:57.678Z", "datePublished": "2023-07-10T06:29:48.514Z", "dateUpdated": "2023-07-10T06:29:48.514Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "shortName": "DIVD", "dateUpdated": "2023-07-10T06:29:48.514Z"}, "title": "Authenticated Remote Command Execution vulnerability in OSNEXUS QuantaStor before 6.0.0.355", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "type": "CWE"}]}], "affected": [{"vendor": "OSNEXUS", "product": "QuantaStor", "versions": [{"status": "affected", "version": "0", "lessThan": "6.0.0.355", "versionType": "semver"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API."}]}], "references": [{"url": "https://www.wbsec.nl/osnexus", "tags": ["third-party-advisory"]}, {"url": "https://www.divd.nl/DIVD-2021-00020", "tags": ["third-party-advisory"]}, {"url": "https://www.osnexus.com/products/software-defined-storage", "tags": ["product"]}, {"url": "https://csirt.divd.nl/CVE-2021-42081", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "CRITICAL", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}}], "solutions": [{"lang": "en", "value": "Upgrade to the latest version of OSNEXUS QuantaStor.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Upgrade to the latest version of OSNEXUS QuantaStor."}]}], "credits": [{"lang": "en", "value": "Wietse Boonstra", "user": "00000000-0000-4000-9000-000000000000", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}