CVE-2021-27183
HIGHMDaemon < 20.0.4 - Authenticated Arbitrary File Write via Remote Administration
Title source: llmDescription
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly lead to Remote Code Execution.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.altn.com/Support/SecurityUpdate/MD011221_MDaemon_EN/
Exploit, Third Party Advisory x_refsource_misc
https://github.com/chudyPB/MDaemon-Advisories
Scores
CVSS v3
7.2
EPSS
0.0270
EPSS Percentile
83.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-610
Status
published
Products (1)
altn/mdaemon
< 20.0.4
Published
Apr 14, 2021
Tracked Since
Feb 18, 2026