CVE-2021-35230

MEDIUM

6.7

CVSS Severity Score

EPSS Score0.0340%

EPSS Percentile11.78th

PublishedOct 22, 2021

Last ModifiedNov 21, 2024

Vulnerability Description

As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry.

Affected Platforms (CPE)

📦

Solarwinds

Kiwi Cattools

< 3.11.9

References & Advisories

🔗 https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35230

Related Vulnerabilities

CVE-2007-088810.0

Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary ...

CVE-2007-08894.6

Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible encoding") for passwords, account names, and IP addresses in kiw...

CVE-2021-4422810.0

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration...

CVE-2021-021110.0

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon ...