CVE-2021-40376
N/A
N/A
Summary
otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.otris.com
- https://www.tuv.com/landingpage/en/vulnerability-disclosure/
- https://www.tuv.com/content-media-files/master-content/global-landingpages/images/vulnerability-disclosure/tuv-rheinland-security-advisory-local-privilege-escalation-vulnerability-in-otris-update-manager.pdf
References
- https://www.otris.com
- https://www.tuv.com/landingpage/en/vulnerability-disclosure/
- https://www.tuv.com/content-media-files/master-content/global-landingpages/images/vulnerability-disclosure/tuv-rheinland-security-advisory-local-privilege-escalation-vulnerability-in-otris-update-manager.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.