Details of VAR-202112-0322

ID

VAR-202112-0322

CVE

CVE-2021-42990

TITLE

Windows for FlexiHub Classic buffer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-015898

DESCRIPTION

FlexiHub For Windows is affected by Buffer Overflow. IOCTL Handler 0x22001B in the FlexiHub For Windows above 2.0.4340 below 5.3.14268 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. Windows for FlexiHub Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. FlexiHub is a sharing and accessing remote device of the FlexiHub team. Flexhub For Windows has a security vulnerability

Trust: 2.16

sources: NVD: CVE-2021-42990 // JVNDB: JVNDB-2021-015898 // CNVD: CNVD-2021-95608

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-95608

AFFECTED PRODUCTS

vendor:	flexihub	model:	flexihub	scope:	lt	version:	5.3.14268	Trust: 1.0
vendor:	flexihub	model:	flexihub	scope:	gt	version:	2.0.4340	Trust: 1.0
vendor:	flexihub	model:	flexihub	scope:	eq	version:	2.0.4340 greater than 5.3.14268	Trust: 0.8
vendor:	flexihub	model:	flexihub	scope:	eq	version:	-	Trust: 0.8
vendor:	flexihub	model:	for windows	scope:	gt	version:	2.0.4340,<5.3.14268	Trust: 0.6

sources: CNVD: CNVD-2021-95608 // JVNDB: JVNDB-2021-015898 // NVD: CVE-2021-42990

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-42990
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-42990
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-95608
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202112-494
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-42990
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-95608
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-42990
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.0
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-42990
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-95608 // JVNDB: JVNDB-2021-015898 // CNNVD: CNNVD-202112-494 // NVD: CVE-2021-42990

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-015898 // NVD: CVE-2021-42990

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202112-494

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202112-494

PATCH

title:

top page

url:

https://www.flexihub.com/jp/

Trust: 0.8

sources: JVNDB: JVNDB-2021-015898

EXTERNAL IDS

db:	NVD	id:	CVE-2021-42990	Trust: 3.8
db:	JVNDB	id:	JVNDB-2021-015898	Trust: 0.8
db:	CNVD	id:	CNVD-2021-95608	Trust: 0.6
db:	CNNVD	id:	CNNVD-202112-494	Trust: 0.6

sources: CNVD: CNVD-2021-95608 // JVNDB: JVNDB-2021-015898 // CNNVD: CNNVD-202112-494 // NVD: CVE-2021-42990

REFERENCES

url:	https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services/	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-42990	Trust: 2.0

sources: CNVD: CNVD-2021-95608 // JVNDB: JVNDB-2021-015898 // CNNVD: CNNVD-202112-494 // NVD: CVE-2021-42990

SOURCES

db:	CNVD	id:	CNVD-2021-95608
db:	JVNDB	id:	JVNDB-2021-015898
db:	CNNVD	id:	CNNVD-202112-494
db:	NVD	id:	CVE-2021-42990

LAST UPDATE DATE

2024-11-23T22:54:45.473000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-95608	date:	2021-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-015898	date:	2022-12-02T02:35:00
db:	CNNVD	id:	CNNVD-202112-494	date:	2022-07-01T00:00:00
db:	NVD	id:	CVE-2021-42990	date:	2024-11-21T06:28:22.213

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-95608	date:	2021-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-015898	date:	2022-12-02T00:00:00
db:	CNNVD	id:	CNNVD-202112-494	date:	2021-12-07T00:00:00
db:	NVD	id:	CVE-2021-42990	date:	2021-12-07T20:15:07.760