Vulnerability Description
A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xorux | Lpar2Rrd | < 7.30 |
| Xorux | Stor2Rrd | < 7.30 |
Related Weaknesses (CWE)
References
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-xfw3-ExploitThird Party Advisory
- https://lpar2rrd.com/note730.phpRelease NotesVendor Advisory
- https://stor2rrd.com/note730.phpRelease NotesVendor Advisory
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-xfw3-ExploitThird Party Advisory
- https://lpar2rrd.com/note730.phpRelease NotesVendor Advisory
- https://stor2rrd.com/note730.phpRelease NotesVendor Advisory
FAQ
What is CVE-2021-42372?
CVE-2021-42372 is a vulnerability with a CVSS score of 8.8 (HIGH). A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the s...
How severe is CVE-2021-42372?
CVE-2021-42372 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-42372?
Check the references section above for vendor advisories and patch information. Affected products include: Xorux Lpar2Rrd, Xorux Stor2Rrd.