
CVSS: 9.8 • EPSS: 1% • CPEs: 4 • EXPL: 2

Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.

• https://github.com/Louzogh/CVE-2021-31800
• https://github.com/p0dalirius/CVE-2021-31800-Impacket-SMB-Server-Arbitrary-file-read-write
• https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2008
• https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2958
• https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L3485
• https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624&#
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')