CVE-2021-41569 Scanner
Detects a 'Local File Inclusion (LFI)' vulnerability in SAS/IntrNet that affects v. 9.4 build 1520 and earlier.
Short Info
Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 29 days
Scan only one: URL
Toolbox: -
SAS/IntrNet is a software product used for building web applications using the SAS programming language. Organizations use it to create interactive reports, data visualizations, and custom applications. The software allows for rapid development of web-based applications that are deployed locally or in the cloud. Its popularity stems from its ease of use, flexibility, and ability to integrate with different systems.
One of the vulnerabilities detected in SAS/IntrNet is CVE-2021-41569, a local file inclusion issue that affects SAS/IntrNet 9.4 build 1520 and earlier. Specifically, the appstart.sas file in the samples library included in the software lets end users reach the sample.webcsf1.sas program. This program contains user-controlled macro variables that are passed to the DS2CSF macro. An attacker can exploit the vulnerability by bypassing the context of the configured user-controllable variable and executing additional functions native to the macro that the library does not account for.
If exploited, this vulnerability can lead to unauthorized file access, data exfiltration, and remote code execution, which can result in a complete system compromise. Attackers can use the information acquired from the file system to launch further attacks, such as phishing campaigns targeting users or even gaining unauthorized access to other parts of the system.
Those who read this article can quickly learn about vulnerabilities in their digital assets by using the pro features of the s4e.io platform. This platform offers vulnerability scanning, patch management, and threat intelligence services that can help organizations identify, assess, and mitigate risks to their systems. By using this platform, organizations can keep their systems secure and ensure they remain protected against ever-evolving cyber threats.