An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to gain escalated local privileges via the inSyncDecommission.
References
| Link | Resource |
|---|---|
| http://druva.com | Product |
| https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before | Vendor Advisory |
| https://imhotepisinvisible.com/druva-lpe/ | Exploit Patch Technical Description Third Party Advisory |
Configurations
History
08 Aug 2023, 14:22
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-426 |
20 Jul 2022, 17:01
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-269 | |
| CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
| CPE | cpe:2.3:a:druva:insync_client:*:*:*:*:*:macos:*:* | |
| References | (MISC) https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before - Vendor Advisory | |
| References | (MISC) https://imhotepisinvisible.com/druva-lpe/ - Exploit, Patch, Technical Description, Third Party Advisory | |
| References | (MISC) http://druva.com - Product |
13 Jul 2022, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
12 Jul 2022, 14:28
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-07-12 14:15
Updated : 2024-02-04 22:51
NVD link : CVE-2021-36666
Mitre link : CVE-2021-36666
CVE.ORG link : CVE-2021-36666
JSON object : View
Products Affected
druva
- insync_client
CWE
CWE-426
Untrusted Search Path