CVE-2021-34805
published 2022-01-31CVE-2021-34805: An issue was discovered in FAUST iServer before 9.0.019.019.7. For each URL request, it accesses the corresponding .fau file on the operating system without…
PriorityP265high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
26.82%
97.8th percentile
An issue was discovered in FAUST iServer before 9.0.019.019.7. For each URL request, it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| land-software | faust_iserver | >= 9.0.017.017.1-3 < 9.0.019.019.7 | 9.0.019.019.7 |
Detection & IOCsextracted from sources · hover to see the quote
url{{BaseURL}}/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini↗
- →HTTP GET request using encoded directory traversal sequence %5c%2e%2e (%5c=\, %2e%2e=..) targeting windows\win.ini; a 200 response containing all three strings 'bit app support', 'fonts', and 'extensions' in the body confirms successful LFI exploitation. ↗
- →The vulnerability is triggered via URL path traversal using mixed encoding (%5c for backslash, %2e%2e for ..) against FAUST iServer's .fau file access mechanism; monitor HTTP requests containing repeated %5c%2e%2e sequences. ↗
- →Affected product: FAUST iServer versions before 9.0.019.019.7 (confirmed vulnerable: 9.0.018.018.4). Alert on HTTP 200 responses to traversal paths on land-software iServer endpoints. ↗
- ·The traversal payload uses 12 levels of encoded backslash+dotdot (%5c%2e%2e) to reach the filesystem root before targeting windows\win.ini; the exact depth required may vary depending on the server's working directory depth. ↗
- ·This vulnerability is Windows-specific (targets win.ini); the traversal encoding relies on %5c (backslash) as the path separator, which is Windows-native and may not apply to non-Windows deployments. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:C/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
FAUST iServer 9.0.018.018.4 - Local File Inclusion
nuclei·CVSS 7.5
CVE-2021-34805 [HIGH] FAUST iServer 9.0.018.018.4 - Local File Inclusion
FAUST iServer 9.0.018.018.4 - Local File Inclusion
FAUST iServer before 9.0.019.019.7 is susceptible to local file inclusion because for each URL request it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal.
Template:
id: CVE-2021-34805
info:
name: FAUST iServer 9.0.018.018.4 - Local File Inclusion
author: 0x_Akoko
severity: high
description: FAUST iServer before 9.0.019.019.7 is susceptible to local file inclusion because for each URL request it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal.
impact: |
Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server.
remediation: |
Apply the latest security patch or updat
No writeups or analysis indexed.
http://packetstormsecurity.com/files/165701/FAUST-iServer-9.0.018.018.4-Local-File-Inclusion.htmlhttp://www.land-software.de/lfs.fau?prj=iweb&dn=faust+iserverhttps://sec-consult.com/vulnerability-lab/http://packetstormsecurity.com/files/165701/FAUST-iServer-9.0.018.018.4-Local-File-Inclusion.htmlhttp://www.land-software.de/lfs.fau?prj=iweb&dn=faust+iserverhttps://sec-consult.com/vulnerability-lab/
2022-01-31
Published