Vulnerability Description
A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the executable and is therefore vulnerable to binary hijacking.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Auvesy-Mdt | Autosave | < 6.02.06 |
| Auvesy-Mdt | Autosave For System Platform | < 4.01 |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-189-02MitigationThird Party AdvisoryUS Government Resource
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-189-02MitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2021-32957?
CVE-2021-32957 is a vulnerability with a CVSS score of 7.5 (HIGH). A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the infor...
How severe is CVE-2021-32957?
CVE-2021-32957 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-32957?
Check the references section above for vendor advisories and patch information. Affected products include: Auvesy-Mdt Autosave, Auvesy-Mdt Autosave For System Platform.