Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2021-31800

Description

Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.

POC

Reference

- https://github.com/SecureAuthCorp/impacket/releases

Github

- https://github.com/20142995/nuclei-templates

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/Elsfa7-110/kenzer-templates

- https://github.com/Louzogh/CVE-2021-31800

- https://github.com/NaInSec/CVE-PoC-in-GitHub

- https://github.com/SYRTI/POC_to_review

- https://github.com/WhooAmii/POC_to_review

- https://github.com/d4n-sec/d4n-sec.github.io

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/p0dalirius/CVE-2021-31800-Impacket-SMB-Server-Arbitrary-file-read-write

- https://github.com/trhacknon/Pocingit

- https://github.com/zecool/cve