CVE-2021-33214

Description

In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation.

Related CPE's

a hms-networks ecatcher ********

References

https://www.ewon.biz/technical-support/pages/talk2m/talk2m-tools/talk2m-ecatcher

Vendor Advisory

https://labs.bishopfox.com/advisories

Third Party Advisory

https://cdn.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-07-09-001---ewon-ecatcher.pdf?sfvrsn=b37418d7_4

Vendor Advisory

https://www.ewon.biz/about-us/security

Vendor Advisory

CvssV3 impact

BaseSeverity	MEDIUM
ConfidentialityImpact	LOW
AttackComplexity	LOW
Scope	UNCHANGED
AttackVector	LOCAL
AvailabilityImpact	HIGH
IntegrityImpact	LOW
PrivilegesRequired	LOW
BaseScore	6.1
VectorString	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H
Version	3.1
UserInteraction	REQUIRED

CvssV2 impact

AccessComplexity	MEDIUM
ConfidentialityImpact	PARTIAL
AvailabilityImpact	PARTIAL
IntegrityImpact	PARTIAL
BaseScore	6
VectorString	AV:N/AC:M/Au:S/C:P/I:P/A:P
Version	2.0
AccessVector	NETWORK
Authentication	SINGLE

Created by Yello

About Severity.io