Archer Platform 6.x before 6.11 (6.11.0.0) contains a Remote Code Execution Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges. 6.10 P2 (6.10.0.2) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases.
CWE-434: Unrestricted Upload of File with Dangerous Type
Very High - An authenticated attacker who exploits this vulnerability could execute arbitrary code on the affected host, which could disclose sensitive data and give the attacker a foothold into the victim's environment.
High - An attacker would need to discover the vulnerable endpoints and upload malicious code to exploit this issue.
CVE-2021-33615
It's possible to upload arbitrary files to the IconUploadHandler.ashx and GraphicUploadHandler.ashx endpoints. A threat actor can use this to upload an ASP web shell to execute arbitrary code on the underlying web server.
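A log hunt for use of the two upload handlers named above, added here as an example and not part of the original advisory: it lists POST requests to them per authenticated user and client address. It assumes the application is served by IIS with W3C extended logging that includes the fields shown; the log lines and the `/placeholder/` path are constructed.

```python
# Upload handlers named in the advisory (compared case-insensitively).
HANDLERS = ("iconuploadhandler.ashx", "graphicuploadhandler.ashx")

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2021-06-01 10:02:11 GET /placeholder/Default.aspx alice 192.0.2.10 200
2021-06-01 10:02:40 POST /placeholder/IconUploadHandler.ashx alice 192.0.2.10 200
2021-06-01 10:03:05 POST /placeholder/GraphicUploadHandler.ashx bob 198.51.100.7 200
2021-06-01 10:03:09 POST /placeholder/graphicuploadhandler.ashx bob 198.51.100.7 500
2021-06-01 10:04:00 GET /placeholder/IconUploadHandler.ashx carol 192.0.2.44 200
truncated line
"""


def find_handler_uploads(log_text):
    """Return parsed rows for POST requests to either upload handler."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # The field list can change mid-file when logging is reconfigured.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed or truncated entry
        row = dict(zip(fields, parts))
        stem = row.get("cs-uri-stem", "").lower()
        if row.get("cs-method") == "POST" and stem.endswith(HANDLERS):
            hits.append(row)
    return hits


def summarize(hits):
    """Count handler uploads per (username, client IP) for review."""
    counts = {}
    for row in hits:
        key = (row.get("cs-username", "-"), row.get("c-ip", "-"))
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for (user, ip), n in sorted(summarize(find_handler_uploads(SAMPLE_LOG)).items()):
        print(f"{user} from {ip}: {n} upload request(s) to review")
```

Legitimate icon and graphic uploads hit the same handlers, so each result is a lead for reviewing what was stored, not a finding on its own.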
Mandiant, Angelo Alviar, Michael Maturi, and Troy Knutson
- 2021-05-27 - Issue reported to RSA Archer.
- 2022-05-26 - RSA Archer released a patch and posted a public Security Advisory.