CVE-2021-27193

Critical

Incorrect default permissions vulnerability in the API of Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated…

mitre·CWE-276·Published 2021-03-25

CVSS

9.8

EPSS

0.01

KEV

Exploits

cve.orgen

247 chars

Incorrect default permissions vulnerability in the API of Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to read and write files on the remote machine with system privileges resulting in a privilege escalation.

NVDen

247 chars

NVDes

277 chars

Una vulnerabilidad de permisos predeterminados incorrectos en la API de Netop Vision Pro versiones hasta 9.7.1 incluyéndola, permite a un atacante remoto no autenticado leer y escribir archivos en la máquina remota con privilegios system, resultando una escalada de privilegios

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H