CVE-2021-37364 - OpenCVE

OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openclinic Ga Project	Openclinic Ga

Configuration 1 [-]

cpe:2.3:a:openclinic_ga_project:openclinic_ga:5.194.18:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://sourceforge.net/projects/open-clinic/
https://sourceforge.net/projects/open-clinic/files/latest/download
https://www.exploit-db.com/exploits/50448

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-10-26T13:23:06

Updated: 2024-08-04T01:16:04.029Z

Reserved: 2021-07-21T00:00:00

Link: CVE-2021-37364

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-10-26T14:15:07.687

Modified: 2021-10-28T22:01:15.277

Link: CVE-2021-37364

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-26T13:23:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://sourceforge.net/projects/open-clinic/"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceforge.net/projects/open-clinic/files/latest/download"}, {"tags": ["x_refsource_MISC"], "url": "https://www.exploit-db.com/exploits/50448"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-37364", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://sourceforge.net/projects/open-clinic/", "refsource": "MISC", "url": "https://sourceforge.net/projects/open-clinic/"}, {"name": "https://sourceforge.net/projects/open-clinic/files/latest/download", "refsource": "MISC", "url": "https://sourceforge.net/projects/open-clinic/files/latest/download"}, {"name": "https://www.exploit-db.com/exploits/50448", "refsource": "MISC", "url": "https://www.exploit-db.com/exploits/50448"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:16:04.029Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceforge.net/projects/open-clinic/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceforge.net/projects/open-clinic/files/latest/download"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.exploit-db.com/exploits/50448"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-37364", "datePublished": "2021-10-26T13:23:06", "dateReserved": "2021-07-21T00:00:00", "dateUpdated": "2024-08-04T01:16:04.029Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openclinic_ga_project:openclinic_ga:5.194.18:*:*:*:*:*:*:*", "matchCriteriaId": "AF76DCF5-6210-4357-B8B4-C9C05D39A833", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues."}, {"lang": "es", "value": "OpenClinic GA versi\u00f3n 5.194.18, est\u00e1 afectado por Permisos Inseguros. Por defecto, el grupo de usuarios autenticados presenta el permiso de modificaci\u00f3n de las carpetas/archivos de OpenClinic. Una cuenta de bajo privilegio es capaz de renombrar los archivos mysqld.exe o tomcat8.exe ubicados en las carpetas bin y reemplazarlos con un archivo malicioso que se conectar\u00eda de nuevo a un equipo atacante dando privilegios a nivel de sistema (nt authority\\system) debido a que el servicio es ejecutado como Sistema Local. Mientras que un usuario poco privilegiado no puede reiniciar el servicio mediante la aplicaci\u00f3n, un reinicio del ordenador desencadena una ejecuci\u00f3n del archivo malicioso. La aplicaci\u00f3n tambi\u00e9n presenta problemas de ruta de servicio no citada"}], "id": "CVE-2021-37364", "lastModified": "2021-10-28T22:01:15.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-26T14:15:07.687", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://sourceforge.net/projects/open-clinic/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://sourceforge.net/projects/open-clinic/files/latest/download"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/50448"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}