CVE-2021-42562 PoC — Caldera 安全漏洞

Source

https://github.com/mbadanoiu/CVE-2021-42562

Associated Vulnerability

Title:Caldera 安全漏洞 (CVE-2021-42562)
Description:An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components that should only be accessible by admin users.

Description

CVE-2021-42562: Improper Access Control in MITRE Caldera

Readme

# CVE-2021-42562: Improper Access Control in MITRE Caldera

Caldera (versions <=2.8.1) does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components which should only be accessible by admin users. 

### Vendor Disclosure:

The vendor's disclosure for this vulnerability can be found [here](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42562).

### Requirements:

This vulnerability requires:
<br/>
- Valid non-admin user credentials

### Proof Of Concept:

More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2021-42562/blob/main/Caldera%20-%20CVE-2021-42562.pdf).

### Additional Resources:

This vulnerability allows a non-admin user to exploit the vulnerability [CVE-2021-42559: Command Injection via Configurations in MITRE Caldera](https://github.com/mbadanoiu/CVE-2021-42559) in order to achieve remote code execution.

File Snapshot


 [4.0K]  /data/pocs/e1c19e3f1ce54ade1c39f49eb174788fa442a008
├── [319K]  Caldera - CVE-2021-42562.pdf
└── [ 965]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!