CVE-2021-42056

MEDIUM

Thalesgroup Safenet Authentication Client < 10.7.7 - Symlink Following

Title source: rule

Description

Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high privileges.

Exploits (1)

nomisec WRITEUP

by z00z00z00 · poc

https://github.com/z00z00z00/Safenet_SAC_CVE-2021-42056

View Code ZIP pw:eip

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/z00z00z00/Safenet_SAC_CVE-2021-42056

Scores

CVSS v3 6.7

EPSS 0.0234

EPSS Percentile 85.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-59

Status published

Products (1)

thalesgroup/safenet_authentication_client < 10.7.7

Published Jun 24, 2022

Tracked Since Feb 18, 2026