ID

VAR-202111-0593


CVE

CVE-2021-43492


TITLE

Alquist Path Traversal Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2022-10718 // CNNVD: CNNVD-202111-1151

DESCRIPTION

AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. A path traversal vulnerability exists in AlquistManager. Information may be obtained. Alquist is an advanced conversational AI robot for interesting and engaging conversations with humans on trending topics such as movies, sports, news, etc. No detailed vulnerability details are currently provided.

Trust: 2.16

sources: NVD: CVE-2021-43492 // JVNDB: JVNDB-2021-014975 // CNVD: CNVD-2022-10718

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-10718

AFFECTED PRODUCTS

vendor: alquistai, model: alquist, scope: eq, version: 2017-06-13

Trust: 1.6

vendor: alquist ai, model: alquist, scope: eq, version: -

Trust: 0.8

vendor: alquist ai, model: alquist, scope: -, version: -

Trust: 0.8

sources: CNVD: CNVD-2022-10718 // JVNDB: JVNDB-2021-014975 // NVD: CVE-2021-43492

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-43492
value: HIGH

Trust: 1.0

NVD: CVE-2021-43492
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-10718
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202111-1151
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-43492
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-10718
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-43492
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-43492
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-10718 // JVNDB: JVNDB-2021-014975 // CNNVD: CNNVD-202111-1151 // NVD: CVE-2021-43492

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

problemtype: Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-014975 // NVD: CVE-2021-43492

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-1151

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202111-1151

PATCH

title: [Security], url: https://github.com/AlquistManager/alquist/issues/42

Trust: 0.8

sources: JVNDB: JVNDB-2021-014975

EXTERNAL IDS

db: NVD, id: CVE-2021-43492

Trust: 3.8

db: JVNDB, id: JVNDB-2021-014975

Trust: 0.8

db: CNVD, id: CNVD-2022-10718

Trust: 0.6

db: CNNVD, id: CNNVD-202111-1151

Trust: 0.6

sources: CNVD: CNVD-2022-10718 // JVNDB: JVNDB-2021-014975 // CNNVD: CNNVD-202111-1151 // NVD: CVE-2021-43492

REFERENCES

url:https://github.com/alquistmanager/alquist/issues/42

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-43492

Trust: 1.4

sources: JVNDB: JVNDB-2021-014975 // CNNVD: CNNVD-202111-1151 // NVD: CVE-2021-43492

SOURCES

db: CNVD, id: CNVD-2022-10718
db: JVNDB, id: JVNDB-2021-014975
db: CNNVD, id: CNNVD-202111-1151
db: NVD, id: CVE-2021-43492

LAST UPDATE DATE

2024-08-14T15:11:45.364000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-10718, date: 2022-02-16T00:00:00
db: JVNDB, id: JVNDB-2021-014975, date: 2022-11-04T03:58:00
db: CNNVD, id: CNNVD-202111-1151, date: 2021-11-25T00:00:00
db: NVD, id: CVE-2021-43492, date: 2021-11-16T20:18:49.370

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-10718, date: 2021-11-16T00:00:00
db: JVNDB, id: JVNDB-2021-014975, date: 2022-11-04T00:00:00
db: CNNVD, id: CNNVD-202111-1151, date: 2021-11-12T00:00:00
db: NVD, id: CVE-2021-43492, date: 2021-11-12T15:15:10.997