// For flags

CVE-2021-29221

 

Severity Score

7.0
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions.

Se detectó una vulnerabilidad de escalada de privilegios local en Erlang/OTP anterior a versión 23.2.3. Al agregar archivos a un directorio de instalación existente, un atacante local podría secuestrar cuentas de otros usuarios que ejecutan programas Erlang o posiblemente coaccionar un servicio que se ejecuta con "erlsrv.exe" para ejecutar código arbitrario como Local System. Esto puede ocurrir solo bajo condiciones específicas en Windows con permisos de sistema de archivos no seguros

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
High
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-03-25 CVE Reserved
  • 2021-04-09 CVE Published
  • 2024-03-15 EPSS Updated
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-426: Untrusted Search Path
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Erlang
Search vendor "Erlang"
 Erlang\/otp
Search vendor "Erlang" for product "Erlang\/otp"
 < 23.2.3
Search vendor "Erlang" for product "Erlang\/otp" and version " < 23.2.3"
-
Affected
in Microsoft
Search vendor "Microsoft"
 Windows
Search vendor "Microsoft" for product "Windows"
--
Safe