Security for everyone

CVE-2021-34805 Scanner

Detects the 'Directory Traversal' vulnerability in FAUST iServer, which affects versions before 9.0.019.019.7.


Short Info

Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Url


FAUST iServer is software used for web-based measurement solutions. It allows multiple users to access, monitor and manage their measurements via a computer or a mobile device. The software can control a network of data acquisition nodes and measurement instruments, giving users an all-in-one solution that saves time and identifies issues quickly.

CVE-2021-34805 is a vulnerability recently detected in FAUST iServer before version 9.0.019.019.7. Each URL request made to the server accesses the corresponding .fau file in the operating system, and the server does not prevent %2e%2e%5c (URL-encoded ..\) directory traversal. An attacker can therefore use directory traversal sequences, such as dot-dot-slash, to gain unauthorized access to system files.
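The kind of server-side check that closes this class of bug, shown as an added example; it is not FAUST iServer code or the vendor's fix. DOC_ROOT, the function names and the sample paths are hypothetical and constructed for illustration.

```python
import posixpath
from pathlib import PurePosixPath
from urllib.parse import unquote

DOC_ROOT = PurePosixPath("/srv/iserver/docs")  # hypothetical document root


def fully_decode(path: str, max_rounds: int = 5) -> str:
    """Percent-decode until stable so layered encodings are unmasked too."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            return decoded
        path = decoded
    raise ValueError("too many encoding layers")


def resolve_fau(request_path: str) -> PurePosixPath:
    """Map a URL path to a .fau file under DOC_ROOT, or raise ValueError."""
    decoded = fully_decode(request_path)
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    # Treat backslash as a separator: on Windows, ..\ climbs just like ../
    unified = decoded.replace("\\", "/")
    parts = [p for p in unified.split("/") if p not in ("", ".")]
    if ".." in parts:
        raise ValueError("traversal sequence in path")
    candidate = DOC_ROOT.joinpath(*parts)
    # Defence in depth: the normalised result must still sit under DOC_ROOT.
    normalised = PurePosixPath(posixpath.normpath(str(candidate)))
    if DOC_ROOT not in normalised.parents:
        raise ValueError("path escapes document root")
    if normalised.suffix.lower() != ".fau":
        raise ValueError("not a .fau resource")
    return normalised


def is_safe(request_path: str) -> bool:
    """True when the request resolves to a .fau file inside DOC_ROOT."""
    try:
        resolve_fau(request_path)
        return True
    except ValueError:
        return False
```

The same predicate can be run over the request paths in web server access logs to flag requests that an unpatched server would have resolved outside its document root.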

This vulnerability can lead to remote code execution, file modification or deletion, and unauthorized access to sensitive information. An attacker could use it to gain access to the underlying operating system and execute malicious code or change the behavior of the iServer to gather information about the network, monitor user traffic, or pivot into other network-connected devices.

In summary, it is essential to be aware of system vulnerabilities and take adequate measures to prevent them from being exploited. Securityforeveryone.com offers advanced cybersecurity features that can protect against various security threats, including vulnerability scanning and patch management. By using the platform, users can quickly identify vulnerabilities in their digital assets and take proactive measures to ensure the safety of their systems.

 
