CVE-2021-43986

The setup program for the affected product configures its files and folders with full access, which may allow unauthorized users permission to replace original binaries and achieve privilege escalation.

CVSS v3 7.0 HIGH
CVSS v2.0 4.4 MEDIUM

7.0^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03	Patch Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:fanuc:roboguide:*:*:*:*:*:*:*:*

History

17 Oct 2022, 18:12

Type	Values Removed	Values Added
CVSS	v2 : ~~4.6~~ v3 : ~~7.8~~	v2 : 4.4 v3 : 7.0

29 Apr 2022, 15:00

Type	Values Removed	Values Added
CPE		cpe:2.3:a:fanuc:roboguide::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.6 v3 : 7.8
CWE	~~CWE-284~~	CWE-276
References	~~(MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03 -~~	(MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03 - Patch, Third Party Advisory, US Government Resource

20 Apr 2022, 16:45

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-04-20 16:15

Updated : 2024-02-04 22:29

NVD link : CVE-2021-43986

Mitre link : CVE-2021-43986

CVE.ORG link : CVE-2021-43986

JSON object : View

Products Affected

fanuc

roboguide

CWE

CWE-276

Incorrect Default Permissions

CWE-284

Improper Access Control

{"id": "CVE-2021-43986", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 0.8}]}, "published": "2022-04-20T16:15:08.127", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-276"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "The setup program for the affected product configures its files and folders with full access, which may allow unauthorized users permission to replace original binaries and achieve privilege escalation."}, {"lang": "es", "value": "El programa de instalaci\u00f3n del producto afectado configura sus archivos y carpetas con acceso total, lo que puede permitir a usuarios no autorizados el permiso para reemplazar los binarios originales y lograr la escalada de privilegios"}], "lastModified": "2022-10-17T18:12:44.907", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fanuc:roboguide:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5DCFBBA-2822-484C-8153-8B6EE8E4322F", "versionEndIncluding": "9.40083.00.05"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}