OpenCVE

An arbitrary code execution vulnerability was found in the F-Secure Support Tool. A standard user can craft a special configuration file, which when run by administrator can execute any commands.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
F-secure	Client Security Countercept Elements Email And Server Security Server Security
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:f-secure:client_security:-:::::::*
	cpe:2.3:a:f-secure:countercept:-:::::::*
	cpe:2.3:a:f-secure:elements:-:::::::*
	cpe:2.3:a:f-secure:email_and_server_security:-:::::::*
	cpe:2.3:a:f-secure:server_security:-:::::::*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.f-secure.com/en/business/support-and-downloads/security-advisories
https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-44750

History

No history.

MITRE

Status: PUBLISHED

Assigner: F-SecureUS

Published: 2022-03-09T11:38:29

Updated: 2024-08-04T04:32:13.070Z

Reserved: 2021-12-08T00:00:00

Link: CVE-2021-44750

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-03-10T17:44:23.660

Modified: 2024-11-21T06:31:31.560

Link: CVE-2021-44750

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "F-Secure Elements Agent, F-Secure MDR, F-Secure Client Security, F-Secure Server Security, F-Secure Email and Server Security, F-Secure Freedome VPN, F-Secure SAFE, F-Secure KEY, and F-Secure Internet Security / Anti-Virus", "vendor": "F-Secure", "versions": [{"status": "affected", "version": "All Version "}]}], "descriptions": [{"lang": "en", "value": "An arbitrary code execution vulnerability was found in the F-Secure Support Tool. A standard user can craft a special configuration file, which when run by administrator can execute any commands."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Arbitrary Code Execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-03-09T16:56:20", "orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f", "shortName": "F-SecureUS"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}, {"tags": ["x_refsource_MISC"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-44750"}], "solutions": [{"lang": "en", "value": "MITIGATION FACTOR\nUser interaction is required prior to exploitation. Administrative privileges is required to run arbitrary commands in the system."}], "source": {"discovery": "EXTERNAL"}, "title": "Arbitrary Code Execution", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-notifications-us@f-secure.com", "ID": "CVE-2021-44750", "STATE": "PUBLIC", "TITLE": "Arbitrary Code Execution"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "F-Secure Elements Agent, F-Secure MDR, F-Secure Client Security, F-Secure Server Security, F-Secure Email and Server Security, F-Secure Freedome VPN, F-Secure SAFE, F-Secure KEY, and F-Secure Internet Security / Anti-Virus", "version": {"version_data": [{"version_affected": "=", "version_value": "All Version "}]}}]}, "vendor_name": "F-Secure"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An arbitrary code execution vulnerability was found in the F-Secure Support Tool. A standard user can craft a special configuration file, which when run by administrator can execute any commands."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Arbitrary Code Execution"}]}]}, "references": {"reference_data": [{"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories", "refsource": "MISC", "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}, {"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-44750", "refsource": "MISC", "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-44750"}]}, "solution": [{"lang": "en", "value": "MITIGATION FACTOR\nUser interaction is required prior to exploitation. Administrative privileges is required to run arbitrary commands in the system."}], "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:32:13.070Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-44750"}]}]}, "cveMetadata": {"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f", "assignerShortName": "F-SecureUS", "cveId": "CVE-2021-44750", "datePublished": "2022-03-09T11:38:29", "dateReserved": "2021-12-08T00:00:00", "dateUpdated": "2024-08-04T04:32:13.070Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f-secure:client_security:-:*:*:*:*:*:*:*", "matchCriteriaId": "9EB0299E-30A5-48CF-9159-CB7E06B9BE02", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:countercept:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA293BE9-69E6-4C20-A1D5-F9CC1B73BB80", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:elements:-:*:*:*:*:*:*:*", "matchCriteriaId": "49A48B56-5C57-4F22-ABC1-E99806B5CA34", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:email_and_server_security:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A6261AA-513C-4DD0-9B2F-1A693BED2C48", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:server_security:-:*:*:*:*:*:*:*", "matchCriteriaId": "3FB84F1D-04A3-4E66-BF74-ED3D4297A048", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An arbitrary code execution vulnerability was found in the F-Secure Support Tool. A standard user can craft a special configuration file, which when run by administrator can execute any commands."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo arbitrario en la herramienta de soporte de F-Secure. Un usuario est\u00e1ndar puede dise\u00f1ar un archivo de configuraci\u00f3n especial, que cuando es ejecutado por el administrador puede ejecutar cualquier comando"}], "id": "CVE-2021-44750", "lastModified": "2024-11-21T06:31:31.560", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "cve-notifications-us@f-secure.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-10T17:44:23.660", "references": [{"source": "cve-notifications-us@f-secure.com", "tags": ["Vendor Advisory"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}, {"source": "cve-notifications-us@f-secure.com", "tags": ["Vendor Advisory"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-44750"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-44750"}], "sourceIdentifier": "cve-notifications-us@f-secure.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}