Vulnerability Description
Traccar is an open source GPS tracking system. In Traccar before version 4.12 there is an unquoted Windows binary path vulnerability. Only Windows versions are impacted. Attacker needs write access to the filesystem on the host machine. If Java path includes a space, then attacker can lift their privilege to the same as Traccar service (system). This is fixed in version 4.12.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Traccar | Traccar | < 4.12 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://github.com/traccar/traccar/commit/cc69a9907ac9878db3750aa14ffedb28626455PatchThird Party Advisory
- https://github.com/traccar/traccar/security/advisories/GHSA-j75r-7qm5-62q5Third Party Advisory
- https://www.traccar.org/Product
- https://github.com/traccar/traccar/commit/cc69a9907ac9878db3750aa14ffedb28626455PatchThird Party Advisory
- https://github.com/traccar/traccar/security/advisories/GHSA-j75r-7qm5-62q5Third Party Advisory
- https://www.traccar.org/Product
FAQ
What is CVE-2021-21292?
CVE-2021-21292 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Traccar is an open source GPS tracking system. In Traccar before version 4.12 there is an unquoted Windows binary path vulnerability. Only Windows versions are impacted. Attacker needs write access to...
How severe is CVE-2021-21292?
CVE-2021-21292 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-21292?
Check the references section above for vendor advisories and patch information. Affected products include: Traccar Traccar, Microsoft Windows.