CWE-61
AllowedUNIX Symbolic Link (Symlink) Following
Abstraction: Compound · Status: Incomplete
The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
270 vulnerabilities reference this CWE, most recent first.
CVE-2021-32508 (GCVE-0-2021-32508)
Vulnerability from cvelistv5 – Published: 2021-07-07 14:11 – Updated: 2024-09-16 18:33- CWE-61 - UNIX Symbolic Link (Symlink) Following
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-4864-94df4-1.html | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| QSAN | Storage Manager |
Affected:
unspecified , ≤ 3.3.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:29.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4864-94df4-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Storage Manager",
"vendor": "QSAN",
"versions": [
{
"lessThanOrEqual": "3.3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-22T10:32:28.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4864-94df4-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "QSAN Storage Manager v3.3.3"
}
],
"source": {
"advisory": "TVN-202104013",
"discovery": "EXTERNAL"
},
"title": "QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following via FileStreaming function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-07-07T09:12:00.000Z",
"ID": "CVE-2021-32508",
"STATE": "PUBLIC",
"TITLE": "QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following via FileStreaming function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Storage Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "3.3.1"
}
]
}
}
]
},
"vendor_name": "QSAN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-61 UNIX Symbolic Link (Symlink) Following"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4864-94df4-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4864-94df4-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "QSAN Storage Manager v3.3.3"
}
],
"source": {
"advisory": "TVN-202104013",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-32508",
"datePublished": "2021-07-07T14:11:42.382Z",
"dateReserved": "2021-05-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:33:36.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25322 (GCVE-0-2021-25322)
Vulnerability from cvelistv5 – Published: 2021-06-10 11:45 – Updated: 2024-09-17 03:02- CWE-61 - UNIX Symbolic Link (Symlink) Following
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1182373 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:03:05.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1182373"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Leap 15.2",
"vendor": "openSUSE",
"versions": [
{
"lessThanOrEqual": "1.3.2-lp152.2.3.1",
"status": "affected",
"version": "python-HyperKitty",
"versionType": "custom"
}
]
},
{
"product": "Factory",
"vendor": "openSUSE",
"versions": [
{
"lessThan": "1.3.4-5.1",
"status": "affected",
"version": "python-HyperKitty",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matthias Gerstner of SUSE"
}
],
"datePublic": "2021-05-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-10T11:45:11.000Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1182373"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1182373",
"defect": [
"1182373"
],
"discovery": "INTERNAL"
},
"title": "python-HyperKitty: hyperkitty-permissions.sh used during %post allows local privilege escalation from hyperkitty user to root",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2021-05-19T00:00:00.000Z",
"ID": "CVE-2021-25322",
"STATE": "PUBLIC",
"TITLE": "python-HyperKitty: hyperkitty-permissions.sh used during %post allows local privilege escalation from hyperkitty user to root"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Leap 15.2",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "python-HyperKitty",
"version_value": "1.3.2-lp152.2.3.1"
}
]
}
},
{
"product_name": "Factory",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "python-HyperKitty",
"version_value": "1.3.4-5.1"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matthias Gerstner of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1182373",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1182373"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1182373",
"defect": [
"1182373"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2021-25322",
"datePublished": "2021-06-10T11:45:11.776Z",
"dateReserved": "2021-01-19T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:02:08.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25321 (GCVE-0-2021-25321)
Vulnerability from cvelistv5 – Published: 2021-06-30 08:25 – Updated: 2024-09-16 18:43- CWE-61 - UNIX Symbolic Link (Symlink) Following
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1186240 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server 11-SP4-LTSS |
Affected:
arpwatch , < 2.1a15
(custom)
|
|
| SUSE | SUSE Manager Server 4.0 |
Affected:
arpwatch , < 2.1a15
(custom)
|
|
| SUSE | SUSE OpenStack Cloud Crowbar 9 |
Affected:
arpwatch , < 2.1a15
(custom)
|
|
| openSUSE | Factory |
Affected:
arpwatch , ≤ 2.1a15-169.5
(custom)
|
|
| openSUSE | Leap 15.2 |
Affected:
arpwatch , ≤ 2.1a15-lp152.5.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:03:04.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1186240"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SUSE Linux Enterprise Server 11-SP4-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.1a15",
"status": "affected",
"version": "arpwatch",
"versionType": "custom"
}
]
},
{
"product": "SUSE Manager Server 4.0",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.1a15",
"status": "affected",
"version": "arpwatch",
"versionType": "custom"
}
]
},
{
"product": "SUSE OpenStack Cloud Crowbar 9",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.1a15",
"status": "affected",
"version": "arpwatch",
"versionType": "custom"
}
]
},
{
"product": "Factory",
"vendor": "openSUSE",
"versions": [
{
"lessThanOrEqual": "2.1a15-169.5",
"status": "affected",
"version": "arpwatch",
"versionType": "custom"
}
]
},
{
"product": "Leap 15.2",
"vendor": "openSUSE",
"versions": [
{
"lessThanOrEqual": "2.1a15-lp152.5.5",
"status": "affected",
"version": "arpwatch",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Johannes Segitz of SUSE"
}
],
"datePublic": "2021-06-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-30T08:25:12.000Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1186240"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1186240",
"defect": [
"1186240"
],
"discovery": "INTERNAL"
},
"title": "arpwatch: Local privilege escalation from runtime user to root",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2021-06-28T00:00:00.000Z",
"ID": "CVE-2021-25321",
"STATE": "PUBLIC",
"TITLE": "arpwatch: Local privilege escalation from runtime user to root"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Linux Enterprise Server 11-SP4-LTSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "arpwatch",
"version_value": "2.1a15"
}
]
}
},
{
"product_name": "SUSE Manager Server 4.0",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "arpwatch",
"version_value": "2.1a15"
}
]
}
},
{
"product_name": "SUSE OpenStack Cloud Crowbar 9",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "arpwatch",
"version_value": "2.1a15"
}
]
}
}
]
},
"vendor_name": "SUSE"
},
{
"product": {
"product_data": [
{
"product_name": "Factory",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "arpwatch",
"version_value": "2.1a15-169.5"
}
]
}
},
{
"product_name": "Leap 15.2",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "arpwatch",
"version_value": "2.1a15-lp152.5.5"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Johannes Segitz of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1186240",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1186240"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1186240",
"defect": [
"1186240"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2021-25321",
"datePublished": "2021-06-30T08:25:12.750Z",
"dateReserved": "2021-01-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:43:24.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4287 (GCVE-0-2021-4287)
Vulnerability from cvelistv5 – Published: 2022-12-27 10:32 – Updated: 2025-04-11 14:42- CWE-61 - Symlink Following
| URL | Tags |
|---|---|
| https://vuldb.com/?id.216876 | vdb-entry |
| https://vuldb.com/?ctiid.216876 | signaturepermissions-required |
| https://github.com/ReFirmLabs/binwalk/pull/556 | issue-tracking |
| https://github.com/ReFirmLabs/binwalk/commit/fa0c… | patch |
| https://github.com/ReFirmLabs/binwalk/releases/ta… | patch |
| Vendor | Product | Version | |
|---|---|---|---|
| ReFirm Labs | binwalk |
Affected:
2.3.0
Affected: 2.3.1 Affected: 2.3.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:23:10.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.216876"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.216876"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/ReFirmLabs/binwalk/pull/556"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/ReFirmLabs/binwalk/commit/fa0c0bd59b8588814756942fe4cb5452e76c1dcd"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/ReFirmLabs/binwalk/releases/tag/v2.3.3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-4287",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T14:42:13.101400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T14:42:29.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Archive Extraction Handler"
],
"product": "binwalk",
"vendor": "ReFirm Labs",
"versions": [
{
"status": "affected",
"version": "2.3.0"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "2.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the attack remotely. Upgrading to version 2.3.3 is able to address this issue. The name of the patch is fa0c0bd59b8588814756942fe4cb5452e76c1dcd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216876."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in ReFirm Labs binwalk bis 2.3.2 gefunden. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei src/binwalk/modules/extractor.py der Komponente Archive Extraction Handler. Dank der Manipulation mit unbekannten Daten kann eine symlink following-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 2.3.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als fa0c0bd59b8588814756942fe4cb5452e76c1dcd bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61 Symlink Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-27T10:35:39.742Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.216876"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.216876"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/ReFirmLabs/binwalk/pull/556"
},
{
"tags": [
"patch"
],
"url": "https://github.com/ReFirmLabs/binwalk/commit/fa0c0bd59b8588814756942fe4cb5452e76c1dcd"
},
{
"tags": [
"patch"
],
"url": "https://github.com/ReFirmLabs/binwalk/releases/tag/v2.3.3"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2022-12-27T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2022-12-27T11:40:34.000Z",
"value": "VulDB last update"
}
],
"title": "ReFirm Labs binwalk Archive Extraction extractor.py symlink"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2021-4287",
"datePublished": "2022-12-27T10:32:41.014Z",
"dateReserved": "2022-12-27T10:31:18.759Z",
"dateUpdated": "2025-04-11T14:42:29.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1612 (GCVE-0-2021-1612)
Vulnerability from cvelistv5 – Published: 2021-09-23 02:30 – Updated: 2024-11-07 21:51| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/C… | vendor-advisoryx_refsource_CISCO |
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco IOS XE SD-WAN Software |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:18:10.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210922 Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-GjR5pGOm"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:40:28.570040Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:51:57.117Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XE SD-WAN Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-09-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T02:30:39.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210922 Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-GjR5pGOm"
}
],
"source": {
"advisory": "cisco-sa-sd-wan-GjR5pGOm",
"defect": [
[
"CSCvt63238"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-09-22T16:00:00",
"ID": "CVE-2021-1612",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XE SD-WAN Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "5.5",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-61"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210922 Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-GjR5pGOm"
}
]
},
"source": {
"advisory": "cisco-sa-sd-wan-GjR5pGOm",
"defect": [
[
"CSCvt63238"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1612",
"datePublished": "2021-09-23T02:30:39.829Z",
"dateReserved": "2020-11-13T00:00:00.000Z",
"dateUpdated": "2024-11-07T21:51:57.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1145 (GCVE-0-2021-1145)
Vulnerability from cvelistv5 – Published: 2021-01-13 21:45 – Updated: 2024-11-12 20:40| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/C… | vendor-advisoryx_refsource_CISCO |
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco ASR 5000 Series Software |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:02:55.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210113 Cisco StarOS for Cisco ASR 5000 Series Routers Arbitrary File Read Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-file-read-L3RDvtey"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1145",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:53:11.748770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T20:40:11.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco ASR 5000 Series Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-01-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the affected device. The vulnerability is due to insecure handling of symbolic links. An attacker could exploit this vulnerability by sending a crafted SFTP command to an affected device. A successful exploit could allow the attacker to read arbitrary files on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T21:45:36.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210113 Cisco StarOS for Cisco ASR 5000 Series Routers Arbitrary File Read Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-file-read-L3RDvtey"
}
],
"source": {
"advisory": "cisco-sa-staros-file-read-L3RDvtey",
"defect": [
[
"CSCvv34230"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco StarOS for Cisco ASR 5000 Series Routers Arbitrary File Read Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-01-13T16:00:00",
"ID": "CVE-2021-1145",
"STATE": "PUBLIC",
"TITLE": "Cisco StarOS for Cisco ASR 5000 Series Routers Arbitrary File Read Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco ASR 5000 Series Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the affected device. The vulnerability is due to insecure handling of symbolic links. An attacker could exploit this vulnerability by sending a crafted SFTP command to an affected device. A successful exploit could allow the attacker to read arbitrary files on the affected device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-61"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210113 Cisco StarOS for Cisco ASR 5000 Series Routers Arbitrary File Read Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-file-read-L3RDvtey"
}
]
},
"source": {
"advisory": "cisco-sa-staros-file-read-L3RDvtey",
"defect": [
[
"CSCvv34230"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1145",
"datePublished": "2021-01-13T21:45:36.440Z",
"dateReserved": "2020-11-13T00:00:00.000Z",
"dateUpdated": "2024-11-12T20:40:11.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15076 (GCVE-0-2020-15076)
Vulnerability from cvelistv5 – Published: 2021-05-26 18:17 – Updated: 2024-08-04 13:08- CWE-61 - UNIX Symbolic Link (Symlink) Following
| URL | Tags |
|---|---|
| https://swupdate.openvpn.net/downloads/privatetun… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Private Tunnel |
Affected:
3.0.1 and prior versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:21.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://swupdate.openvpn.net/downloads/privatetunnel/changelog.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Private Tunnel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.0.1 and prior versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Private Tunnel installer for macOS version 3.0.1 and older versions may corrupt system critical files it should not have access via symlinks in /tmp."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-26T18:17:56.000Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://swupdate.openvpn.net/downloads/privatetunnel/changelog.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@openvpn.net",
"ID": "CVE-2020-15076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Private Tunnel",
"version": {
"version_data": [
{
"version_value": "3.0.1 and prior versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Private Tunnel installer for macOS version 3.0.1 and older versions may corrupt system critical files it should not have access via symlinks in /tmp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://swupdate.openvpn.net/downloads/privatetunnel/changelog.txt",
"refsource": "MISC",
"url": "https://swupdate.openvpn.net/downloads/privatetunnel/changelog.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2020-15076",
"datePublished": "2021-05-26T18:17:57.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:08:21.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15075 (GCVE-0-2020-15075)
Vulnerability from cvelistv5 – Published: 2021-03-30 13:38 – Updated: 2024-08-04 13:08- CWE-61 - UNIX Symbolic Link (Symlink) Following
| URL | Tags |
|---|---|
| https://openvpn.net/vpn-server-resources/openvpn-… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OpenVPN Connect |
Affected:
3.2.6 and prior versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:21.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenVPN Connect",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.2.6 and prior versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-30T13:38:02.000Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@openvpn.net",
"ID": "CVE-2020-15075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenVPN Connect",
"version": {
"version_data": [
{
"version_value": "3.2.6 and prior versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log/",
"refsource": "MISC",
"url": "https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2020-15075",
"datePublished": "2021-03-30T13:38:02.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:08:21.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8019 (GCVE-0-2020-8019)
Vulnerability from cvelistv5 – Published: 2020-06-29 11:30 – Updated: 2024-09-17 03:43- CWE-61 - UNIX Symbolic Link (Symlink) Following
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1169385 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| SUSE | SUSE Linux Enterprise Debuginfo 11-SP3 |
Affected:
syslog-ng , < 2.0.9-27.34.40.5.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Debuginfo 11-SP4 |
Affected:
syslog-ng , < 2.0.9-27.34.40.5.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Module for Legacy Software 12 |
Affected:
syslog-ng , < 3.6.4-12.8.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Point of Sale 11-SP3 |
Affected:
syslog-ng , < 2.0.9-27.34.40.5.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 11-SP4-LTSS |
Affected:
syslog-ng , < 2.0.9-27.34.40.5.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server for SAP 12-SP1 |
Affected:
syslog-ng , < 3.6.4-12.8.1
(custom)
|
|
| openSUSE | openSUSE Backports SLE-15-SP1 |
Affected:
syslog-ng , < 3.19.1-bp151.4.6.1
(custom)
|
|
| openSUSE | openSUSE Leap 15.1 |
Affected:
syslog-ng , < 3.19.1-lp151.3.6.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1169385"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SUSE Linux Enterprise Debuginfo 11-SP3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.0.9-27.34.40.5.1",
"status": "affected",
"version": "syslog-ng",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Debuginfo 11-SP4",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.0.9-27.34.40.5.1",
"status": "affected",
"version": "syslog-ng",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Module for Legacy Software 12",
"vendor": "SUSE",
"versions": [
{
"lessThan": "3.6.4-12.8.1",
"status": "affected",
"version": "syslog-ng",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Point of Sale 11-SP3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.0.9-27.34.40.5.1",
"status": "affected",
"version": "syslog-ng",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 11-SP4-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.0.9-27.34.40.5.1",
"status": "affected",
"version": "syslog-ng",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server for SAP 12-SP1",
"vendor": "SUSE",
"versions": [
{
"lessThan": "3.6.4-12.8.1",
"status": "affected",
"version": "syslog-ng",
"versionType": "custom"
}
]
},
{
"product": "openSUSE Backports SLE-15-SP1",
"vendor": "openSUSE",
"versions": [
{
"lessThan": "3.19.1-bp151.4.6.1",
"status": "affected",
"version": "syslog-ng",
"versionType": "custom"
}
]
},
{
"product": "openSUSE Leap 15.1",
"vendor": "openSUSE",
"versions": [
{
"lessThan": "3.19.1-lp151.3.6.1",
"status": "affected",
"version": "syslog-ng",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Johannes Segitz of SUSE"
}
],
"datePublic": "2020-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server for SAP 12-SP1; openSUSE Backports SLE-15-SP1, openSUSE Leap 15.1 allowed local attackers controlling the user news to escalate their privileges to root. This issue affects: SUSE Linux Enterprise Debuginfo 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Debuginfo 11-SP4 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Module for Legacy Software 12 syslog-ng versions prior to 3.6.4-12.8.1. SUSE Linux Enterprise Point of Sale 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Server 11-SP4-LTSS syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Server for SAP 12-SP1 syslog-ng versions prior to 3.6.4-12.8.1. openSUSE Backports SLE-15-SP1 syslog-ng versions prior to 3.19.1-bp151.4.6.1. openSUSE Leap 15.1 syslog-ng versions prior to 3.19.1-lp151.3.6.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-29T11:30:14.000Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1169385"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1169385",
"defect": [
"1169385"
],
"discovery": "INTERNAL"
},
"title": "syslog-ng: Local privilege escalation from new to root in %post",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2020-06-29T00:00:00.000Z",
"ID": "CVE-2020-8019",
"STATE": "PUBLIC",
"TITLE": "syslog-ng: Local privilege escalation from new to root in %post"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Linux Enterprise Debuginfo 11-SP3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "syslog-ng",
"version_value": "2.0.9-27.34.40.5.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Debuginfo 11-SP4",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "syslog-ng",
"version_value": "2.0.9-27.34.40.5.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Module for Legacy Software 12",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "syslog-ng",
"version_value": "3.6.4-12.8.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Point of Sale 11-SP3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "syslog-ng",
"version_value": "2.0.9-27.34.40.5.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 11-SP4-LTSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "syslog-ng",
"version_value": "2.0.9-27.34.40.5.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server for SAP 12-SP1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "syslog-ng",
"version_value": "3.6.4-12.8.1"
}
]
}
}
]
},
"vendor_name": "SUSE"
},
{
"product": {
"product_data": [
{
"product_name": "openSUSE Backports SLE-15-SP1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "syslog-ng",
"version_value": "3.19.1-bp151.4.6.1"
}
]
}
},
{
"product_name": "openSUSE Leap 15.1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "syslog-ng",
"version_value": "3.19.1-lp151.3.6.1"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Johannes Segitz of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server for SAP 12-SP1; openSUSE Backports SLE-15-SP1, openSUSE Leap 15.1 allowed local attackers controlling the user news to escalate their privileges to root. This issue affects: SUSE Linux Enterprise Debuginfo 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Debuginfo 11-SP4 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Module for Legacy Software 12 syslog-ng versions prior to 3.6.4-12.8.1. SUSE Linux Enterprise Point of Sale 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Server 11-SP4-LTSS syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Server for SAP 12-SP1 syslog-ng versions prior to 3.6.4-12.8.1. openSUSE Backports SLE-15-SP1 syslog-ng versions prior to 3.19.1-bp151.4.6.1. openSUSE Leap 15.1 syslog-ng versions prior to 3.19.1-lp151.3.6.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1169385",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1169385"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1169385",
"defect": [
"1169385"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2020-8019",
"datePublished": "2020-06-29T11:30:14.396Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:43:09.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8014 (GCVE-0-2020-8014)
Vulnerability from cvelistv5 – Published: 2020-06-29 12:00 – Updated: 2024-09-17 03:13- CWE-61 - UNIX Symbolic Link (Symlink) Following
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1164131 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| openSUSE | openSUSE Leap 15.1 |
Affected:
kopano-spamd , < 10.0.5-lp151.4.1
(custom)
|
|
| openSUSE | openSUSE Tumbleweed |
Affected:
kopano-spamd , < 10.0.5-1.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1164131"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openSUSE Leap 15.1",
"vendor": "openSUSE",
"versions": [
{
"lessThan": "10.0.5-lp151.4.1",
"status": "affected",
"version": "kopano-spamd",
"versionType": "custom"
}
]
},
{
"product": "openSUSE Tumbleweed",
"vendor": "openSUSE",
"versions": [
{
"lessThan": "10.0.5-1.1",
"status": "affected",
"version": "kopano-spamd",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Johannes Segitz of SUSE"
}
],
"datePublic": "2020-05-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This issue affects: openSUSE Leap 15.1 kopano-spamd versions prior to 10.0.5-lp151.4.1. openSUSE Tumbleweed kopano-spamd versions prior to 10.0.5-1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-29T12:00:22.000Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1164131"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1164131",
"defect": [
"1164131"
],
"discovery": "INTERNAL"
},
"title": "kopano-python-services: Local privilege escalation from kopano to root in kopano-spamd subpackage",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2020-05-19T00:00:00.000Z",
"ID": "CVE-2020-8014",
"STATE": "PUBLIC",
"TITLE": "kopano-python-services: Local privilege escalation from kopano to root in kopano-spamd subpackage"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openSUSE Leap 15.1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "kopano-spamd",
"version_value": "10.0.5-lp151.4.1"
}
]
}
},
{
"product_name": "openSUSE Tumbleweed",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "kopano-spamd",
"version_value": "10.0.5-1.1"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Johannes Segitz of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This issue affects: openSUSE Leap 15.1 kopano-spamd versions prior to 10.0.5-lp151.4.1. openSUSE Tumbleweed kopano-spamd versions prior to 10.0.5-1.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1164131",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1164131"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1164131",
"defect": [
"1164131"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2020-8014",
"datePublished": "2020-06-29T12:00:23.054Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:13:57.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Symbolic link attacks often occur when a program creates a tmp directory that stores files/links. Access to the directory should be restricted to the program as to prevent attackers from manipulating the files.
Mitigation MIT-48.1
Strategy: Separation of Privilege
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-27: Leveraging Race Conditions via Symbolic Links
This attack leverages the use of symbolic links (Symlinks) in order to write to sensitive files. An attacker can create a Symlink link to a target file not otherwise accessible to them. When the privileged program tries to create a temporary file with the same name as the Symlink link, it will actually write to the target file pointed to by the attackers' Symlink link. If the attacker can insert malicious content in the temporary file they will be writing to the sensitive file by using the Symlink. The race occurs because the system checks if the temporary file exists, then creates the file. The attacker would typically create the Symlink during the interval between the check and the creation of the temporary file.