← back
CVE-2021-32957

MDT AutoSave Uncontrolled Search Path Element

CVSS 7.5 HIGHEPSS 0.9%CWE-89
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
01 Apr 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the executable and is therefore vulnerable to binary hijacking.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected products
MDT Software · A4SPMDT Software · AutoSave for System Platform (A4SP)MDT Software · MDT AutoSave

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.cisa.gov/uscert/ics/advisories/icsa-21-189-02