EdgeRover Windows App Version 0.25


WDC Tracking Number: WDC-21007
Product Line: EdgeRover
Published: June 10, 2021

Last Updated:  June 10, 2021

Description

EdgeRover was vulnerable to an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges. This is a vulnerability in our implementation of Node.js that allows an attacker to gain admin privileges and carry out malicious activities such as creating a fake library and stealing user credentials.

Product Impact
Last Updated
EdgeRover Windows App
May 20, 2021

Advisory Summary

Resolved the escalation of privileges vulnerability by fixing the load-modules path and disabling any files that are being loaded from outside locations where any less privileged user could have access and could upload malicious content. The vulnerability is fixed in the latest updated version 0.25.

CVE Number: CVE-2021-33205
Reported by: Xavier Danest