Vulnerability Details : CVE-2021-3331
WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)
Products affected by CVE-2021-3331
- cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-3331
0.53%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 74 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-3331
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
References for CVE-2021-3331
-
https://github.com/winscp/winscp/commit/faa96e8144e6925a380f94a97aa382c9427f688d
Bug 1943: Prevent loading session settings that can lead to remote co… · winscp/winscp@faa96e8 · GitHubPatch;Third Party Advisory
-
https://winscp.net/eng/docs/rawsettings
Raw Site Settings :: WinSCPVendor Advisory
-
https://winscp.net/tracker/1943
Bug 1943 – Prevent loading session settings that can lead to remote code execution from handled URLs :: Tracker :: WinSCPPatch;Vendor Advisory
-
https://winscp.net/eng/docs/history#5.17.10
Recent Version History :: WinSCPRelease Notes;Vendor Advisory
Jump to