RSS   Vulnerabilities for 'Autosave'   RSS

2022-04-01
 
CVE-2021-32933

CWE-77
 

 
An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. This could then be leveraged to run a malicious process.

 
 
CVE-2021-32937

CWE-209
 

 
An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be initiated.

 
 
CVE-2021-32961

CWE-434
 

 
A getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an optional parameter, resulting in the processing of a request in a special manner. This can result in the execution of an unzip command and place a malicious .exe file in one of the locations the function looks for and get execution capabilities.

 

 >>> Vendor: Auvesy-mdt 2 Products
Autosave
Autosave for system platform


Copyright 2024, cxsecurity.com

 

Back to Top