Vulnerability Description
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the ".debug_command.config" file to store a JSON string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the "/api/appInternals/1.0/agent/configuration" API to map each ID to the command to be executed.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Riverbed | SteelCentral AppInternals Dynamic Sampling Agent | >= 11.0.0, < 11.8.8 |
Related Weaknesses (CWE)
References
- https://aternity.force.com/customersuccess/s/article/Local-privilege-escalation- (Third Party Advisory)
FAQ
What is CVE-2021-42855?
CVE-2021-42855 is a vulnerability with a CVSS score of 7.8 (HIGH). It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the ".debug_command.config" file to store a JSON string that contains a list of IDs and pre-configured commands. ...
How severe is CVE-2021-42855?
CVE-2021-42855 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-42855?
Check the references section above for vendor advisories and patch information. Affected products include: Riverbed SteelCentral AppInternals Dynamic Sampling Agent.