ENG

Language

YSoft SAFEQ FlexiSpooler Local Privilege Escalation Vulnerability

 

CVE-2021-31859 

 
 

Assigning CNA: Mitre 

 

CVSS:3.1 8.2/7.4 

 

MITRE CVE-2021-31859 


Affected Versions: YSoft SAFEQ 6 FlexiSpooler versions prior to Build 57. 
 

Base Score Metrics 

 
 

Attack Vector: Local 

 

Attack Complexity: Low 

 

Privileges Required: Low 

 

User Interaction: Required 

 

Scope: Changed 

 

Impact Metrics: 

 

Confidentiality: High 

 

Integrity: High 

 

Availability: High 

 

Temporal Score Metrics 

 
 

Exploit Code Maturity: Proof of concept code 

 

Remediation Level: Official fix 

 

Report Confidence: Confirmed 

 

Executive Summary 

 

An improper file permissions issue exists in YSoft SAFEQ FlexiSpooler at install time.  A user who successfully exploited this vulnerability could gain SYSTEM level access to a local workstation. Customers are advised to upgrade to YSoft SAFEQ 6 FlexiSpooler Build 57 or later. If an upgrade is not possible at this time, customers with software support can contact Y Soft to receive a script to fix the file permissions issue. 

US