MITRE CALDERA 2.8.1 Human Plugin os.system name os command injection

A vulnerability was found in MITRE CALDERA 2.8.1 and has been rated as critical by VulDB (CVSS 3 base score 5.5). The affected code is the os.system call in the Human plugin, which receives the unsanitized name parameter and so allows OS command injection (CWE-78). No countermeasure is known for this entry; replacing the affected component with an alternative product may be suggested. The disclosure referenced below (CVE-2021-42561) documents the issue.

Entry history. The two value columns are the entry's revisions of 01/13/2022 06:26 AM and 01/15/2022 11:24 AM; no field changed between them.

Field                  | 01/13/2022 06:26 AM          | 01/15/2022 11:24 AM
vendor                 | MITRE                        | MITRE
name                   | CALDERA                      | CALDERA
version                | 2.8.1                        | 2.8.1
component              | Human Plugin                 | Human Plugin
function               | os.system                    | os.system
argument               | name                         | name
cwe                    | 78 (OS command injection)    | 78 (OS command injection)
risk                   | 2                            | 2
cvss3_vuldb_ac         | L                            | L
cvss3_vuldb_ui         | N                            | N
cvss3_vuldb_s          | U                            | U
cvss3_vuldb_c          | L                            | L
cvss3_vuldb_i          | L                            | L
cvss3_vuldb_a          | L                            | L
cvss3_vuldb_e          | P                            | P
cvss3_vuldb_rc         | R                            | R
url                    | https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-42561-Command%20Injection%20Via%20the%20Human%20Plugin-MITRE%20Caldera | https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-42561-Command%20Injection%20Via%20the%20Human%20Plugin-MITRE%20Caldera
availability           | 1                            | 1
publicity              | 1                            | 1
cve                    | CVE-2021-42561               | CVE-2021-42561
cve_assigned           | 1634508000 (10/18/2021)      | 1634508000 (10/18/2021)
date                   | 1642028400 (01/13/2022)      | 1642028400 (01/13/2022)
cvss2_vuldb_ac         | L                            | L
cvss2_vuldb_ci         | P                            | P
cvss2_vuldb_ii         | P                            | P
cvss2_vuldb_ai         | P                            | P
cvss2_vuldb_e          | POC                          | POC
cvss2_vuldb_rc         | UR                           | UR
cvss2_vuldb_av         | A                            | A
cvss2_vuldb_au         | S                            | S
cvss2_vuldb_rl         | ND                           | ND
cvss3_vuldb_av         | A                            | A
cvss3_vuldb_pr         | L                            | L
cvss3_vuldb_rl         | X                            | X
cvss2_vuldb_basescore  | 5.2                          | 5.2
cvss2_vuldb_tempscore  | 4.4                          | 4.4
cvss3_vuldb_basescore  | 5.5                          | 5.5
cvss3_vuldb_tempscore  | 5.0                          | 5.0
cvss3_meta_basescore   | 5.5                          | 5.5
cvss3_meta_tempscore   | 5.0                          | 5.0
price_0day             | $0-$5k                       | $0-$5k

cve_nvd_summary (identical in both revisions): An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a Python os.system function. This allows attackers to use shell metacharacters (e.g., backticks `` ` `` or dollar-parenthesis `$()`) in order to escape the current command and execute arbitrary shell commands.
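The injection mechanism described in the NVD summary, shown as an added example that is not CALDERA's own code or the disclosed exploit. It assumes only what the summary states: a user-controlled name value was interpolated into a shell command string and run through os.system. The plugin's real command is not reproduced; a harmless echo stands in for it, and subprocess with shell=True replaces os.system solely so the output can be captured (both hand the string to /bin/sh). The two payloads are constructed inputs using the metacharacter classes the summary names, and the three hardened variants are the fixes a reviewer would expect.

```python
"""Added example (not CALDERA's code): the unsanitized-shell pattern behind
CVE-2021-42561 next to hardened replacements. Requires a POSIX /bin/sh."""
import re
import shlex
import subprocess

# Constructed attacker inputs: a plausible name with a command substitution
# appended, once with $() and once with backticks.
PAYLOAD_DOLLAR = "alice $(echo INJECTED)"
PAYLOAD_BACKTICK = "alice `echo INJECTED`"

# Assumed allowlist for an agent/operator name; adjust to the real field's rules.
NAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def vulnerable_run(name: str) -> str:
    """The bug: interpolate `name` into a shell string and run it via the shell.

    shell=True parses exactly as os.system() would, so the shell evaluates
    $(...) or `...` inside `name` before echo ever sees its argument.
    """
    cmd = f"echo {name}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout.strip()


def hardened_run(name: str) -> str:
    """Fix 1: no shell at all. The argument vector goes straight to execve(),
    so metacharacters are ordinary bytes in argv[1] and nothing interprets them."""
    return subprocess.run(["echo", name], capture_output=True, text=True).stdout.strip()


def quoted_command(name: str) -> str:
    """Fix 2: when a shell string is unavoidable, shlex.quote() wraps the value
    so /bin/sh treats it as a single literal word."""
    return f"echo {shlex.quote(name)}"


def quoted_run(name: str) -> str:
    """Run the shlex-quoted string through the shell to show it stays literal."""
    return subprocess.run(quoted_command(name), shell=True, capture_output=True, text=True).stdout.strip()


def validate_name(name: str) -> str:
    """Fix 3 (defence in depth): allowlist the value before it reaches any
    command. Reject rather than strip; stripping invites bypasses."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"rejected name: {name!r}")
    return name


def injected(name: str) -> bool:
    """True when the shell executed something embedded in `name`: the vulnerable
    path's output no longer matches the literal value echo would print."""
    return vulnerable_run(name) != hardened_run(name)


if __name__ == "__main__":
    for payload in (PAYLOAD_DOLLAR, PAYLOAD_BACKTICK):
        print(f"payload     : {payload!r}")
        print(f"  vulnerable: {vulnerable_run(payload)!r}  injected={injected(payload)}")
        print(f"  argv form : {hardened_run(payload)!r}")
        print(f"  quoted    : {quoted_command(payload)} -> {quoted_run(payload)!r}")
        try:
            validate_name(payload)
        except ValueError as exc:
            print(f"  allowlist : {exc}")
```

Run it on Linux or macOS: the vulnerable path prints "alice INJECTED" for both payloads, while the argv and shlex.quote paths print the payload text unchanged and the allowlist rejects it before any command is built. The argv form is the preferred fix; shlex.quote is the fallback for code that must keep a shell string, and the allowlist is cheap insurance in front of either.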
