CVE-2021-42056
MEDIUMThales Safenet Authentication Client < 10.7.7 - Arbitrary File Write via Symlink Attack
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2021-42056. PoCs published by z00z00z00.
AI-analyzed exploit summary This repository documents a privilege escalation vulnerability (CVE-2021-42056) in Thales Safenet Authentication Client due to insecure file permissions (777/666) on temporary files, allowing symlink attacks to overwrite system files or escalate privileges to root.
Description
Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high privileges.
Exploits (1)
This repository documents a privilege escalation vulnerability (CVE-2021-42056) in Thales Safenet Authentication Client due to insecure file permissions (777/666) on temporary files, allowing symlink attacks to overwrite system files or escalate privileges to root.
References (1)
Scores
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H