CVE-2021-43269

Published: Jan 20, 2022

Modified: Aug 4, 2024

PUBLISHED

Description

In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config (PAC) file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPlan for Small Business. (Incydr Professional and Enterprise are unaffected.)

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_security_advisories/Arbitrary_code_execution_via_malicious_Code42_app_proxy_configuration

x_refsource_CONFIRM

https://www.code42.com/r/support/CVE-2021-43269

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-43269

Description

Affected Products

References