CVE-2021-29221

Published: Apr 9, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions.

Vendor	Product	Versions
Erlang Project	Erlang/OTP	affected `< 23.2.3`

References

https://github.com/erlang/otp/releases/tag/OTP-23.2.3

x_refsource_MISC

https://deepsurface.com/deepsurface-security-advisory-local-privilege-escalation-in-erlang-on-windows-cve-2021-29221/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-29221

Description

Affected Products

References