CVE-2021-43359Incorrect Permission Assignment in Ehrd

CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.6%
top 29.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sunnet EhrdSUN Ehrd
Timeline
PublishedDec 1
Latest updateDec 2

Description

Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5sunnet/ehrd8, 9+1
NVDsun/ehrd8, 9+1

🔴Vulnerability Details

2
GHSA
GHSA-597v-2jmx-wwjx: Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a g2021-12-02
CVEList
Sunnet eHRD - Broken Access Control2021-12-01
CVE-2021-43359 — Incorrect Permission Assignment | cvebase