关联漏洞
标题:
Caldera 安全漏洞
(CVE-2021-42562)
描述:Caldera是法国Caldera公司的一套能够为打印机设备提供色彩管理、成像和处理解决方案的软件。 Caldera 2.8.1版本存在安全漏洞,该漏洞源于软件没有正确地隔离用户权限,导致非管理员用户有权读取和修改配置或其他应该只有管理员用户才能访问的组件。
描述
CVE-2021-42562: Improper Access Control in MITRE Caldera
介绍
# CVE-2021-42562: Improper Access Control in MITRE Caldera
Caldera (versions <=2.8.1) does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components which should only be accessible by admin users.
### Vendor Disclosure:
The vendor's disclosure for this vulnerability can be found [here](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42562).
### Requirements:
This vulnerability requires:
<br/>
- Valid non-admin user credentials
### Proof Of Concept:
More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2021-42562/blob/main/Caldera%20-%20CVE-2021-42562.pdf).
### Additional Resources:
This vulnerability allows a non-admin user to exploit the vulnerability [CVE-2021-42559: Command Injection via Configurations in MITRE Caldera](https://github.com/mbadanoiu/CVE-2021-42559) in order to achieve remote code execution.
文件快照
[4.0K] /data/pocs/e1c19e3f1ce54ade1c39f49eb174788fa442a008
├── [319K] Caldera - CVE-2021-42562.pdf
└── [ 965] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。