CVE-2021-38289

An issue has been discovered in Novastar-VNNOX-iCare Novaicare 7.16.0 that gives attacker privilege escalation and allows attackers to view corporate information and SMTP server details, delete users, view roles, and other unspecified impacts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
novastarnovaicare
7.16.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/viperbluff/Novastar-VNNOX-iCare-Privilege-Escalation
https://twitter.com/viperbluff/status/1439941380244230150?s=20&t=iPSn8eNxaxUKis5OKSQJRQ
https://github.com/viperbluff/Novastar-VNNOX-iCare-Privilege-Escalation
https://twitter.com/viperbluff/status/1439941380244230150?s=20&t=iPSn8eNxaxUKis5OKSQJRQ