What is CVE-2021-34805?

CVE-2021-34805 is a vulnerability in N/a. Published 2022-01-31.

Is CVE-2021-34805 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-34805

An issue was discovered in FAUST iServer before 9.0.019.019.7. For each URL request, it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal.

EPSS: 0.899 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/Goby
20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
HimmelAward/Goby_
NyxAzrael/Goby_
Z0fhack/Goby_

References

sec-consult.com/vulnerability-lab/ (x_refsource_MISC)
www.land-software.de/lfs.fau (x_refsource_MISC)
packetstormsecurity.com/files/165701/FAUST-iServer-9.0.018.018.4-Local-File-Inc… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-34805?: CVE-2021-34805 is a vulnerability in N/a. Published 2022-01-31.
Is CVE-2021-34805 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.