CVE-2021-26612

EUVD-2021-13406
An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform. Remote attackers use copy method to execute arbitrary command after the file creation included malicious code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
krcertCNA
8.1 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
tobesoftnexacro
𝑥
≤ 17.1.2.500
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36380
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36380