cbcvebase.
CVE-2021-34805
published 2022-01-31

CVE-2021-34805: An issue was discovered in FAUST iServer before 9.0.019.019.7. For each URL request, it accesses the corresponding .fau file on the operating system without…

PriorityP265high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
26.82%
97.8th percentile
An issue was discovered in FAUST iServer before 9.0.019.019.7. For each URL request, it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal.

Affected

1 ranges
VendorProductVersion rangeFixed in
land-softwarefaust_iserver>= 9.0.017.017.1-3 < 9.0.019.019.79.0.019.019.7

Detection & IOCsextracted from sources · hover to see the quote

url{{BaseURL}}/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini
path%2e%2e%5c
  • HTTP GET request using encoded directory traversal sequence %5c%2e%2e (%5c=\, %2e%2e=..) targeting windows\win.ini; a 200 response containing all three strings 'bit app support', 'fonts', and 'extensions' in the body confirms successful LFI exploitation.
  • The vulnerability is triggered via URL path traversal using mixed encoding (%5c for backslash, %2e%2e for ..) against FAUST iServer's .fau file access mechanism; monitor HTTP requests containing repeated %5c%2e%2e sequences.
  • Affected product: FAUST iServer versions before 9.0.019.019.7 (confirmed vulnerable: 9.0.018.018.4). Alert on HTTP 200 responses to traversal paths on land-software iServer endpoints.
  • ·The traversal payload uses 12 levels of encoded backslash+dotdot (%5c%2e%2e) to reach the filesystem root before targeting windows\win.ini; the exact depth required may vary depending on the server's working directory depth.
  • ·This vulnerability is Windows-specific (targets win.ini); the traversal encoding relies on %5c (backslash) as the path separator, which is Windows-native and may not apply to non-Windows deployments.

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:C/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.