Checkbox Survey up to 6 CheckboxWeb.dll deserialization
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.9 | $0-$5k | 0.00 |
Summary
A vulnerability labeled as critical has been found in Checkbox Survey up to 6. This issue affects some unknown processing in the library CheckboxWeb.dll. The manipulation results in deserialization. This vulnerability is cataloged as CVE-2021-27852. The attack may be launched remotely. Furthermore, there is an exploit available. The affected component should be upgraded.
Details
A vulnerability classified as critical has been found in Checkbox Survey up to 6 (Survey Software). Affected is an unknown part in the library CheckboxWeb.dll. The manipulation with an unknown input leads to a deserialization vulnerability. CWE is classifying the issue as CWE-502. The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid. This is going to have an impact on confidentiality, integrity, and availability.
The weakness was shared 05/28/2021. The advisory is shared for download at kb.cert.org. This vulnerability is traded as CVE-2021-27852. Technical details and a exploit are known.
It is declared as attacked. This issue was added on 04/11/2022 to the CISA Known Exploited Vulnerabilities Catalog with a due date of 05/02/2022:
Versions 6 and earlier for this product are end-of-life and must be removed from agency networks. Versions 7 and later are not considered vulnerable.Upgrading to version 7 eliminates this vulnerability.
Once again VulDB remains the best source for vulnerability data.
Product
Type
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 9.0VulDB Meta Temp Score: 8.9
VulDB Base Score: 7.3
VulDB Temp Score: 7.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 9.8
NVD Vector: 🔍
CNA Base Score: 9.8
CNA Vector (CERT/CC): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: DeserializationCWE: CWE-502 / CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Attacked
EPSS Score: 🔍
EPSS Percentile: 🔍
KEV Added: 🔍
KEV Due: 🔍
KEV Remediation: 🔍
KEV Ransomware: 🔍
KEV Notice: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Checkbox Survey 7
Timeline
03/01/2021 🔍05/28/2021 🔍
05/28/2021 🔍
09/21/2024 🔍
Sources
Advisory: kb.cert.orgStatus: Confirmed
CVE: CVE-2021-27852 (🔍)
GCVE (CVE): GCVE-0-2021-27852
GCVE (VulDB): GCVE-100-176004
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 05/28/2021 07:59Updated: 09/21/2024 10:49
Changes: 05/28/2021 07:59 (38), 05/30/2021 14:51 (5), 05/30/2021 14:52 (1), 04/25/2024 15:12 (26), 07/04/2024 07:54 (28), 09/21/2024 10:49 (1)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.