CVE-2021-36121

An issue was discovered in Echo ShareCare 8.15.5. The file-upload feature in Access/DownloadFeed_Mnt/FileUpload_Upd.cfm is susceptible to an unrestricted upload vulnerability via the name1 parameter, when processing remote input from an authenticated user, leading to the ability for arbitrary files to be written to arbitrary filesystem locations via ../ Directory Traversal on the Z: drive (a hard-coded drive letter where ShareCare application files reside) and remote code execution as the ShareCare service user (NT AUTHORITY\SYSTEM).

CVSS v3 8.8 HIGH
CVSS v2.0 6.5 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0001.md	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:echobh:sharecare:8.15.5:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-07-13 14:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-36121

Mitre link : CVE-2021-36121

CVE.ORG link : CVE-2021-36121

JSON object : View

Products Affected

echobh

sharecare

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2021-36121", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-07-13T14:15:08.840", "references": [{"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0001.md", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Echo ShareCare 8.15.5. The file-upload feature in Access/DownloadFeed_Mnt/FileUpload_Upd.cfm is susceptible to an unrestricted upload vulnerability via the name1 parameter, when processing remote input from an authenticated user, leading to the ability for arbitrary files to be written to arbitrary filesystem locations via ../ Directory Traversal on the Z: drive (a hard-coded drive letter where ShareCare application files reside) and remote code execution as the ShareCare service user (NT AUTHORITY\\SYSTEM)."}, {"lang": "es", "value": "Se ha detectado un problema en Echo ShareCare versi\u00f3n 8.15.5. La funcionalidad file-upload en el archivo Access/DownloadFeed_Mnt/FileUpload_Upd.cfm es susceptible de presentar una vulnerabilidad de carga sin restricciones por medio del par\u00e1metro name1, cuando procesa la entrada remota de un usuario autenticado, conllevando a la habilidad de escribir archivos arbitrarios en ubicaciones arbitrarias del sistema de archivos a por medio de ../ Salto de Directorio en la unidad Z: (una letra de unidad embebida donde residen los archivos de la aplicaci\u00f3n ShareCare) y una ejecuci\u00f3n de c\u00f3digo remota como usuario del servicio ShareCare (NT AUTHORITY\\SYSTEM)"}], "lastModified": "2021-07-15T14:13:03.137", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:echobh:sharecare:8.15.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AC2E73C-60E9-4BA5-A03C-15A8C6022DFE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}