CVE-2021-34805 Scanner
CVE-2021-34805 scanner - Directory Traversal vulnerability in FAUST iServer
Short Info
Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 30 days
Scan only one: URL
Toolbox: -
FAUST iServer is software for web-based measurement solutions. It allows multiple users to access, monitor and manage their measurements via a computer or a mobile device. The software can control a network of data acquisition nodes and measurement instruments, providing users with an all-in-one solution that saves time and identifies issues quickly.
CVE-2021-34805 is a vulnerability recently detected in FAUST iServer before version 9.0.019.019.7. For each URL request, the server accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal (%2e%2e%5c is the URL-encoded form of ..\). An attacker can therefore use directory traversal sequences such as dot-dot-slash to gain unauthorized access to system files.
This vulnerability can lead to remote code execution, file modification or deletion, and unauthorized access to sensitive information. An attacker could use it to gain access to the underlying operating system and execute malicious code or change the behavior of the iServer to gather information about the network, monitor user traffic, or pivot into other network-connected devices.
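For asset owners reviewing web server logs, the following added example (not code from s4e.io or FAUST) flags requests whose path contains a `..` segment once percent-encoding is decoded and backslashes are treated as separators, which is the %2e%2e%5c pattern described above. The log lines, file names and function names are constructed for illustration, and the common log format is an assumption.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2022:10:00:00 +0000] "GET /index.fau HTTP/1.1" 200 512
192.0.2.11 - - [01/Jan/2022:10:00:05 +0000] "GET /%2e%2e%5c%2e%2e%5cexample.txt HTTP/1.1" 200 90
192.0.2.12 - - [01/Jan/2022:10:00:09 +0000] "GET /reports/v1..2.fau HTTP/1.1" 200 300
192.0.2.13 - - [01/Jan/2022:10:00:12 +0000] "GET /%252e%252e%255cexample.txt HTTP/1.1" 404 0
192.0.2.14 - - [01/Jan/2022:10:00:20 +0000] "GET /a/..%5Cb.fau?x=1 HTTP/1.1" 200 10
"""

REQUEST_RE = re.compile(r'"(?:[A-Z]+) (\S+) HTTP/[\d.]+"')

def fully_decode(path, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are also exposed."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def has_traversal(target):
    """True if the request path contains a '..' segment once decoded,
    treating both '/' and '\\' as separators (as a Windows host would)."""
    path = fully_decode(urlsplit(target).path)
    segments = re.split(r"[\\/]", path)
    return ".." in segments

def flag_requests(log_text):
    """Return (line_number, request_target) for each suspicious log line."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        m = REQUEST_RE.search(line)
        if m and has_traversal(m.group(1)):
            hits.append((n, m.group(1)))
    return hits

if __name__ == "__main__":
    for n, target in flag_requests(SAMPLE_LOG):
        print(f"line {n}: {target}")
```

Matching on whole path segments keeps a name such as `v1..2.fau` from being flagged, while the repeated decoding also catches the double-encoded form on line 4 of the sample.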
In summary, it is essential to be aware of system vulnerabilities and take adequate measures to prevent them from being exploited. s4e.io offers advanced cybersecurity features that can protect against various security threats, including vulnerability scanning and patch management. By using the platform, users can quickly identify vulnerabilities in their digital assets and take proactive measures to ensure the safety of their systems.