CVE-2021-35064

CRITICAL EXPLOITED IN THE WILD NUCLEI

KramerAV VIAWare - Privilege Escalation

Title source: llm

Description

KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg.

Exploits (2)

nomisec WORKING POC 2 stars

by Chocapikk · local

https://github.com/Chocapikk/CVE-2021-35064

View Code ZIP pw:eip

exploitdb WORKING POC

pythonremotehardware

https://www.exploit-db.com/exploits/50856

View Code ZIP pw:eip

Nuclei Templates (1)

Kramer VIAware - Privilege Escalation and Remote Code Execution

CRITICALby ritikchaddha

FOFA: icon_hash="1521468900"

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/166623/Kramer-VIAware-Remote-Code-Execution.html

[Exploit, Product, Vendor Advisory] https://www.kramerav.com/us/product/viaware

Scores

CVSS v3 9.8

EPSS 0.8955

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2022-05-26

InTheWild.io 2022-05-26

CWE

CWE-269

Status published

Products (1)

kramerav/viaware

Published Jul 12, 2021

Tracked Since Feb 18, 2026