CVE-2021-31800

CRITICAL

Secureauth Impacket < 0.9.22 - Path Traversal

Title source: rule

Description

Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.

Exploits (2)

nomisec WORKING POC 10 stars

by p0dalirius · poc

https://github.com/p0dalirius/CVE-2021-31800-Impacket-SMB-Server-Arbitrary-file-read-write

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by Louzogh · poc

https://github.com/Louzogh/CVE-2021-31800

View Code ZIP pw:eip

References (9)

[Third Party Advisory] https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2008

[Third Party Advisory] https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2958

[Third Party Advisory] https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L3485

[Third Party Advisory] https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L876

[Patch, Third Party Advisory] https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f

[Release Notes, Third Party Advisory] https://github.com/SecureAuthCorp/impacket/releases

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPXDPWCAPVX3UWYZ3N2T5OLBSBBUHJP6/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRV2C5DATXBHG6TF6CEEX54KZ75THQS3/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UF56LYB27LHEIFJTFHU3M75NMNNK2SCG/

Scores

CVSS v3 9.8

EPSS 0.3980

EPSS Percentile 97.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-22

Status published

Products (5)

fedoraproject/fedora 32

fedoraproject/fedora 33

fedoraproject/fedora 34

pypi/impacket 0 - 0.9.23PyPI

secureauth/impacket < 0.9.22

Published May 05, 2021

Tracked Since Feb 18, 2026