Unrestricted File Upload Causing Remote Code Execution: Orion 2020.2.6

(CVE-2021-35244)

Summary

The "Log alert to a file" action within action management enables any Orion user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution.

Affected Products

Orion 2020.2.6 HF2

Fixed Software Release

Orion 2020.2.6 HF3

Acknowledgments

dibs working with Trend Micro's Zero Day Initiative.

Advisory Details

Severity

6.8 High

Advisory ID

CVE-2021-35244

First Published

12/20/2021

Fixed Version

Orion 2020.2.6 HF3

Workarounds

Public KB

CVSS Score

CVSS:3.0/AV:A/AC:H/PR:H/UI:N/
S:C/C:H/I:L/A:L