CVE-2021-42562 PoC — Caldera 安全漏洞

Source

https://github.com/mbadanoiu/CVE-2021-42562

Associated Vulnerability

Title:Caldera 安全漏洞 (CVE-2021-42562)
Description:Caldera是法国Caldera公司的一套能够为打印机设备提供色彩管理、成像和处理解决方案的软件。 Caldera 2.8.1版本存在安全漏洞，该漏洞源于软件没有正确地隔离用户权限，导致非管理员用户有权读取和修改配置或其他应该只有管理员用户才能访问的组件。

Description

CVE-2021-42562: Improper Access Control in MITRE Caldera

Readme

# CVE-2021-42562: Improper Access Control in MITRE Caldera

Caldera (versions <=2.8.1) does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components which should only be accessible by admin users. 

### Vendor Disclosure:

The vendor's disclosure for this vulnerability can be found [here](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42562).

### Requirements:

This vulnerability requires:
<br/>
- Valid non-admin user credentials

### Proof Of Concept:

More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2021-42562/blob/main/Caldera%20-%20CVE-2021-42562.pdf).

### Additional Resources:

This vulnerability allows a non-admin user to exploit the vulnerability [CVE-2021-42559: Command Injection via Configurations in MITRE Caldera](https://github.com/mbadanoiu/CVE-2021-42559) in order to achieve remote code execution.

File Snapshot


 [4.0K]  /data/pocs/e1c19e3f1ce54ade1c39f49eb174788fa442a008
├── [319K]  Caldera - CVE-2021-42562.pdf
└── [ 965]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!