RSS   Vulnerabilities for 'Update manager'   RSS

2022-03-10
 
CVE-2021-40376

CWE-287
 

 
otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000.

 


Copyright 2024, cxsecurity.com

 

Back to Top