CVE-2021-31926

Published: Apr 30, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1.1.2 allows a remote, authenticated user to open ports in the local system firewall by crafting an HTTP(S) request directly to the applicable API endpoint (despite not having permission to make changes to the system's network configuration).

Affected (1)

Products: Cubecoders: Amp

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cubecoders Amp	From 2.1.0 to 2.1.1.2

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://github.com/CubeCoders/AMP/issues/443

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/CubeCoders/AMP/issues/443

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.