CVE-2021-26758

Published on: 04/07/2021 12:00:00 AM UTC

Last Modified on: 04/12/2021 06:30:00 PM UTC

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Openlitespeed from Litespeedtech contain the following vulnerability:

Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system.

  • CVE-2021-26758 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8.8 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 9 - HIGH

Access
Vector
Access
Complexity
Authentication
NETWORK LOW SINGLE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
COMPLETE COMPLETE COMPLETE

CVE References

Description Tags Link
Openlitespeed Web Server 1.7.8 - Privilege Escalation Security Issue · Issue #217 · litespeedtech/openlitespeed · GitHub github.com
text/html
URL Logo CONFIRM github.com/litespeedtech/openlitespeed/issues/217
Openlitespeed WebServer 1.7.8 - Command Injection (Authenticated) (2) - Multiple webapps Exploit www.exploit-db.com
Proof of Concept
text/html
URL Logo EXPLOIT-DB 49556
Openlitespeed Web Server 1.7.8 - Privilege Escalation (CVE-2021-26758) - UNSAFE-INLINE docs.unsafe-inline.com
text/html
URL Logo MISC docs.unsafe-inline.com/0day/openlitespeed-web-server-1.7.8-command-injection-to-privilege-escalation-cve-2021-26758

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationLitespeedtechOpenlitespeed1.7.8AllAllAll
  • cpe:2.3:a:litespeedtech:openlitespeed:1.7.8:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @CVEreport CVE-2021-26758 : Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attac… twitter.com/i/web/status/1… 2021-04-07 21:06:34