#VU55590 Improper Protection of Alternate Path in cni - CVE-2021-20206
Vulnerability identifier: #VU55590
Vulnerability risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID:
CWE-ID:
CWE-424
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
cni
Other software /
Other software solutions
Vendor: CNI
Description
The vulnerability allows a remote user to compromise the affected system.
the vulnerability exists due to improper input validation. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows a remote user to execute other existing binaries other than the cni plugins/types, such as 'reboot'.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
cni: 0.1.0 - 0.8.0
External links
https://bugzilla.redhat.com/show_bug.cgi?id=1919391
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
