Vulnerability CVE-2021-33214
Published: 2021-07-09

Description:
In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation.

Type:

CWE-276

 (Incorrect Default Permissions)

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6/10
6.4/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Hms-networks -> Ecatcher 

 References:
https://www.ewon.biz/technical-support/pages/talk2m/talk2m-tools/talk2m-ecatcher
https://labs.bishopfox.com/advisories
https://cdn.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-07-09-001---ewon-ecatcher.pdf?sfvrsn=b37418d7_4
https://www.ewon.biz/about-us/security
Copyright 2024, cxsecurity.com

 

Back to Top