VDB
CVE-2021-31800
CVE-2021-31800
PUBLISHED
Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.
EPSS 39.79% · 97.4th percentile
Risk Scores
EPSS Score
39.79%
97.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | impacket | 0.9.15-1, 0 |
| Ubuntu:20.04:LTS | impacket | 0.9.20-4, 0.9.20-5, 0 |
| Ubuntu:24.04:LTS | impacket | 0, 0.11.0-2, 0.11.0-1 |
| Ubuntu:22.04:LTS | impacket | 0.9.22-2, 0.9.24-1, 0 |
| Ubuntu:25.10 | impacket | 0.12.0-3, 0 |
| Ubuntu:16.04:LTS | impacket | 0, 0.9.12-1 |
Timeline
- May 5, 2021 EPSS Score
- May 5, 2021 CVE Published
- Jul 8, 2021 EPSS Score
- Sep 8, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Jan 10, 2022 EPSS Score
- Mar 13, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 16, 2022 EPSS Score
- Aug 4, 2022 EPSS Score
- Nov 16, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-31800 third-party-advisory
- https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f third-party-advisory
- https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2008 third-party-advisory
- https://github.com/SecureAuthCorp/impacket/releases third-party-advisory
- https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L876 third-party-advisory
- https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2958 third-party-advisory
- https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L3485 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-31800 third-party-advisory