Vulnerability Description
A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Erlang | Erlang/OTP | < 23.2.3 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://deepsurface.com/deepsurface-security-advisory-local-privilege-escalation (Exploit, Third Party Advisory)
- https://github.com/erlang/otp/releases/tag/OTP-23.2.3 (Third Party Advisory)
FAQ
What is CVE-2021-29221?
CVE-2021-29221 is a vulnerability with a CVSS score of 7.0 (HIGH). A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of othe...
How severe is CVE-2021-29221?
CVE-2021-29221 has been rated HIGH with a CVSS base score of 7.0/10. See the CVSS score section above for the severity rating.
Is there a patch for CVE-2021-29221?
Check the references section above for vendor advisories and patch information. Affected products include: Erlang Erlang/OTP, Microsoft Windows.