From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted binary, but might be modified to an arbitrary value through a "c2-update" command. Said command is then executed using the same privileges as the application binary. This was addressed in version 0.10.0
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-08-03T23:42:20.264Z

Reserved: 2021-05-19T00:00:00

Link: CVE-2021-33191

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-08-24T12:15:07.307

Modified: 2024-11-21T06:08:28.960

Link: CVE-2021-33191

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.