CVE-2021-44444

EPSS 1.1%CWE-125

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

14 dic 2021Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15052)

Productos afectados

Siemens · JTTK Siemens · JT Utilities

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://packetstormsecurity.com/files/167317/Microsoft-Office-MSDT-Follina-Proof-Of-Concept.html https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf