CVE-2021-40845 : The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called Alpha

The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory.

Published 2021-09-15 13:15:08

Updated 2021-09-27 20:52:25

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2021-40845

Zenitel » Alphacom Xe Audio Server
Versions up to, including, (<=) 11.2.3.10
cpe:2.3:a:zenitel:alphacom_xe_audio_server:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-40845

EPSS FAQ

17.73%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 95 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-40845

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-40845

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-40845

http://packetstormsecurity.com/files/164160/Zenitel-AlphaCom-XE-Audio-Server-11.2.3.10-Shell-Upload.html

Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry
https://ricardojoserf.github.io/CVE-2021-40845/

CVE-2021-40845 - AlphaWeb Authenticated RCE – Ricardo Ruiz – Pentesting, scripting and dumb ideas!
Exploit;Third Party Advisory
https://github.com/ricardojoserf/CVE-2021-40845

GitHub - ricardojoserf/CVE-2021-40845: AlphaWeb XE, the embedded web server running on AlphaCom XE, has a vulnerability which allows to upload PHP files leading to RCE once the authentication is succe
Exploit;Third Party Advisory
http://packetstormsecurity.com/files/164149/Zenitel-AlphaCom-XE-Audio-Server-11.2.3.10-Shell-Upload.html

Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload ≈ Packet Storm
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2021-40845

Products affected by CVE-2021-40845

Exploit prediction scoring system (EPSS) score for CVE-2021-40845

CVSS scores for CVE-2021-40845

CWE ids for CVE-2021-40845

References for CVE-2021-40845