MNDT-2022-0027

Archer Platform 6.x before 6.11 (6.11.0.0) contains a Remote Code Execution Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges. 6.10 P2 (6.10.0.2) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases.

Common Weakness Enumeration

CWE-434: Unrestricted Upload of File with Dangerous Type

Impact

Very High - An authenticated attacker who exploits this vulnerability could execute arbitrary code on the affected host, which could disclose sensitive data and give the attacker a foothold into the victim's environment.

Exploitability

High - An attacker would need to discover the vulnerable endpoints and upload malicious code to exploit this issue.

CVE Reference

CVE-2021-33615

Technical Details

It's possible to upload arbitrary files to the IconUploadHandler.ashx and GraphicUploadHandler.ashx endpoints. A threat actor can use this to upload an ASP web shell to execute arbitrary code on the underlying web server.
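
Detection logic for the behaviour described above, added here as an example and not part of the advisory: it reads IIS W3C logs, lists successful POSTs to the two handlers, and flags script-type URIs that the uploading client requests for the first time shortly afterwards. The required log fields, the extension list, the 30-minute window and the sample log (including its paths) are assumptions; the advisory does not say where uploaded files are stored.

```python
import re
from datetime import datetime, timedelta

# Handler names are from the advisory; full paths are not given, so match the file name.
UPLOAD_RE = re.compile(r"/(IconUploadHandler|GraphicUploadHandler)\.ashx$", re.I)
# Assumption: server-side script extensions worth flagging on an IIS/ASP.NET host.
SCRIPT_RE = re.compile(r"\.(asp|aspx|ashx|asmx|cer|asa)$", re.I)

def parse_w3c(lines):
    """Yield one dict per request from IIS W3C log lines, using the #Fields header."""
    fields = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#"):
            row = dict(zip(fields, line.split()))
            row["ts"] = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
            yield row

def hunt(lines, window=timedelta(minutes=30)):
    """Return (uploads, suspects) as lists of (timestamp, client IP, URI) tuples."""
    uploads, suspects, seen, last_upload = [], [], set(), {}
    for r in parse_w3c(lines):
        uri, ip = r["cs-uri-stem"], r["c-ip"]
        if r["cs-method"] == "POST" and UPLOAD_RE.search(uri) and r["sc-status"] == "200":
            uploads.append((r["ts"], ip, uri))
            last_upload[ip] = r["ts"]
        elif SCRIPT_RE.search(uri) and not UPLOAD_RE.search(uri):
            new = uri.lower() not in seen  # first time this script URI appears in the log
            seen.add(uri.lower())
            t0 = last_upload.get(ip)
            if new and t0 and r["ts"] - t0 <= window and r["sc-status"] == "200":
                suspects.append((r["ts"], ip, uri))
    return uploads, suspects

# Constructed sample log (documentation IPs, made-up paths), not real telemetry.
SAMPLE = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2022-06-01 10:00:01 GET /app/Default.aspx 198.51.100.7 200
2022-06-01 10:02:10 POST /app/IconUploadHandler.ashx 203.0.113.5 200
2022-06-01 10:02:40 GET /app/uploads/placeholder.aspx 203.0.113.5 200
2022-06-01 10:03:00 GET /app/Default.aspx 203.0.113.5 200
2022-06-01 11:30:00 POST /app/GraphicUploadHandler.ashx 198.51.100.7 200
""".splitlines()

if __name__ == "__main__":
    for kind, events in zip(("upload", "suspect"), hunt(SAMPLE)):
        for e in events:
            print(kind, *e)
```

Legitimate icon and graphic uploads also hit these handlers, so the upload list is context for triage; the first-seen script request from the same client is the stronger signal.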

Discovery Credits

Mandiant, Angelo Alviar, Michael Maturi, and Troy Knutson

Disclosure Timeline

  • 2021-05-27 - Issue reported to RSA Archer.
  • 2022-05-26 - RSA Archer released a patch and posted a public Security Advisory.

References