What is CVE-2021-33393?

CVE-2021-33393 is a vulnerability in N/a. Published 2021-06-09.

Is CVE-2021-33393 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-33393

lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script…

EPSS: 0.722 (98.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

github.com/MucahitSaratar/ipfire-2-25-auth-rce (x_refsource_MISC)
github.com/ipfire/ipfire-2.x/commit/6769d909306d7bdc43d64598872126fcf1b217f6 (x_refsource_MISC)
github.com/ipfire/ipfire-2.x/commits/master (x_refsource_MISC)
packetstormsecurity.com/files/163158/IPFire-2.25-Remote-Code-Execution.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-33393?: CVE-2021-33393 is a vulnerability in N/a. Published 2021-06-09.
Is CVE-2021-33393 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.