Cyber Resilience

CVE-2021-27183

HighPublic PoC

Published: 14 April 2021

Published
14 April 2021
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0429 89.1th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-27183 is a high-severity Externally Controlled Reference to a Resource in Another Sphere (CWE-610) vulnerability in Altn Mdaemon. Its CVSS base score is 7.2 (High).

Operationally, ranked in the top 10.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to…

more

modify existing files. This vulnerability may directly lead to Remote Code Execution.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

altn
mdaemon
≤ 20.0.4

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-610

Limits impact of an externally controlled reference to a primary information resource by switching to an identified alternative.

References