CVE-2021-35231
Unquoted Path (SMB Login) Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path: "Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kiwi Syslog Server\Parameters\Application".
Como resultado de una vulnerabilidad de ruta de servicio no citada presente en Kiwi Syslog Server Installation Wizard, un atacante local podrÃa alcanzar privilegios escalados al insertar un ejecutable en la ruta del servicio afectado o en la entrada de desinstalación. Ejemplo de ruta vulnerable: "Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kiwi Syslog Server\Parameters\Application"
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-06-22 CVE Reserved
- 2021-10-25 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-428: Unquoted Search Path or Element
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Solarwinds Search vendor "Solarwinds" | Kiwi Syslog Server Search vendor "Solarwinds" for product "Kiwi Syslog Server" | < 9.8 Search vendor "Solarwinds" for product "Kiwi Syslog Server" and version " < 9.8" | - |
Affected
| ||||||