Vulnerability Details : CVE-2021-41067
Potential exploit
An issue was discovered in Listary through 6. Improper implementation of the update process leads to the download of software updates with a /check-update HTTP-based connection. This can be exploited with MITM techniques. Together with the lack of package validation, it can lead to manipulation of update packages that can cause an installation of malicious content.
Products affected by CVE-2021-41067
- cpe:2.3:a:listary:listary:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-41067
0.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 39 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-41067
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.6
|
HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
4.9
|
10.0
|
NIST | |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.6
|
5.9
|
NIST |
CWE ids for CVE-2021-41067
-
The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-41067
-
https://www.listary.com/download
Listary Download Page – ListaryVendor Advisory
-
https://medium.com/@tomerp_77017/exploiting-listary-searching-your-way-to-system-privileges-8175af676c3e
exploiting Listary: Searching your way to SYSTEM privileges | by Tomer Peled | Dec, 2021 | MediumExploit;Third Party Advisory
Jump to