CVE-2021-42338

4MOSAn GCB Doctor - Improper Authorization

CVSS 9.8 CRITICAL · EPSS 5.6% · CWE-285
Vexday Risk Score
28 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8 · EPSS 5.6% · KEV no · PoC · Patch
Lifecycle
Nov 19, 2021: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
4MOSAn GCB Doctor’s login page improperly validates cookies, which allows an unauthenticated remote attacker to bypass authentication by injecting code into a cookie, and to arbitrarily manipulate the system or interrupt services by uploading and executing arbitrary files.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
4MOSAn · GCB Doctor
