본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2021-26612 | tobesoft Nexacro platform arbitrary file creation vulnerability2021.11.30
□ Overview
 o tobesoft Co.,Ltd released security update to address improper input validation vulnerability in Nexacro platform.(development platform)
Vulnerability
Vulnerability Type Impact Severity CVSS Score CVE ID
improper input validation arbitrary file creation High 8.1 CVE-2021-26612

□ Description
 o An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform.
 o Remote attackers use copy method to execute arbitrary command after the file creation included malicious code.

□ Affected Product
Affected Product
Product Version Platform
Nexacro 17 17.1.2.500 Windows

□ Solution
 o Update software over Nexacro 17 17.1.3.700  version or higher.

□ Reference
 [1] https://www.tobesoft.com/product/Nexacro.do

□ Etc
 o Thanks to Jeongun Baek for reporting this vulnerability.


□ 작성 : 침해사고분석단 취약점분석팀