CVE-2021-2627407.07.2021, 14:15The Agent in NinjaRMM 5.0.909 has Insecure Permissions.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST7.1 HIGHLOCALLOWLOWCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HmitreCNA------CVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 10%VendorProductVersionninjarmmninjarmm5.0.909𝑥= Vulnerable software versionsKnown Exploits!https://improsec.com/tech-blog/privilege-escalation-vulnerability-in-ninjarmmhttps://improsec.com/tech-blog/privilege-escalation-vulnerability-in-ninjarmmCommon Weakness EnumerationCWE-276 - Incorrect Default PermissionsDuring installation, installed file permissions are set to allow anyone to modify those files.Referenceshttps://improsec.com/tech-blog/privilege-escalation-vulnerability-in-ninjarmmhttps://www.ninjarmm.comhttps://www.ninjarmm.com/blog/cve-2021-26273-cve-2021-26274/https://improsec.com/tech-blog/privilege-escalation-vulnerability-in-ninjarmmhttps://www.ninjarmm.comhttps://www.ninjarmm.com/blog/cve-2021-26273-cve-2021-26274/