CVE-2021-42952

EUVD-2021-29907
Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata services.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
zeplzepl
𝑥
< 2021-10-25
𝑥
= Vulnerable software versions
References
http://zepl.com
https://seclists.org/fulldisclosure/2022/Feb/32
http://zepl.com
https://seclists.org/fulldisclosure/2022/Feb/32