Mutare Security Advisory
Advisory ID | MUTARE-2021-001 |
Severity | Critical |
CVE | CVE-2021-27236 |
Published Date | February 5, 2021 |
Revision Date | February 16, 2021 |
Overview
Unauthenticated Local File Inclusion to Remote Code Execution
Affected Products/Versions
Mutare Voice (EVM), Versions Affected 3.0.0-3.3.7
Vulnerability Details
The Mutare Voice (EVM) web application suffers from unauthenticated local file inclusion which leads to source code disclosure and provides an ability to dump server-side files alongside with possibility to escalate the chain to Remote Code Execution providing complete control over the server.
The getfile.asp script file can be utilized to view file contents via a parameter. This can be used to leak the source of the file. This can subsequently be used to escalate to a Remote Code Execution.
Workarounds
The getfile.asp file can be removed from the application. It is used for streaming voice files for playback via browser.
Solution
Upgrading Mutare Voice (EVM) to release 3.3.8 fixes the vulnerability.
References
Acknowledgements
Mutare would like to thank Tesla for reporting this issue and working with Mutare to help protect our customers.