Mutare Security Advisory

Advisory IDMUTARE-2021-001
SeverityCritical
CVECVE-2021-27236
Published DateFebruary 5, 2021
Revision DateFebruary 16, 2021

Overview

Unauthenticated Local File Inclusion to Remote Code Execution

Affected Products/Versions

Mutare Voice (EVM), Versions Affected 3.0.0-3.3.7

Vulnerability Details

The Mutare Voice (EVM) web application suffers from unauthenticated local file inclusion which leads to source code disclosure and provides an ability to dump server-side files alongside with possibility to escalate the chain to Remote Code Execution providing complete control over the server.

The getfile.asp script file can be utilized to view file contents via a parameter. This can be used to leak the source of the file. This can subsequently be used to escalate to a Remote Code Execution.

Workarounds

The getfile.asp file can be removed from the application. It is used for streaming voice files for playback via browser.

Solution

Upgrading Mutare Voice (EVM) to release 3.3.8 fixes the vulnerability.

References

Acknowledgements

Mutare would like to thank Tesla for reporting this issue and working with Mutare to help protect our customers.