CVE-2021-42021 — Vulnetix

CVE-2021-42021 PUBLISHED CVSS 7.5 HIGH

A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020 R1), Siveillance Video DLNA Server (2020 R2), Siveillance Video DLNA Server (2020 R3), Siveillance Video DLNA Server (2021 R1). The affected application contains a path traversal vulnerability that could allow to read arbitrary files on the server that are outside the application’s web document directory. An unauthenticated remote attacker could exploit this issue to access sensitive information for subsequent attacks.

EPSS 0.99% · 77.2th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.99%

77.2th percentile

Affected Products

Vendor	Product	Versions
siemens	siveillance_video_management_software_2019_r2
siemens	siveillance_video_management_software_2019_r1
Siemens	Siveillance Video DLNA Server	2019 R2, 2019 R3, 2020 R2
siemens	siveillance_video_management_software_2020_r1
siemens	siveillance_video_management_software_2020_r2
siemens	siveillance_video_management_software_2019_r3

Timeline

Nov 9, 2021 CVE Published
Nov 10, 2021 EPSS Score
Jan 4, 2022 EPSS Score
Jan 6, 2022 EPSS Score
Mar 1, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 25, 2022 EPSS Score
Jun 20, 2022 EPSS Score
Aug 15, 2022 EPSS Score
Dec 4, 2022 EPSS Score
Jan 29, 2023 EPSS Score
Mar 7, 2023 EPSS Score

References

Open in Interactive Console →