CVE-2021-21785
First published: Thu Aug 05 2021(Updated: )
An information disclosure vulnerability exists in the IOCTL 0x9c40a148 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to a disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IOBit Advanced SystemCare Ultimate | =14.2.0.220 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-21785?
CVE-2021-21785 is an information disclosure vulnerability in IOBit Advanced SystemCare Ultimate 14.2.0.220.
What is the severity of CVE-2021-21785?
The severity of CVE-2021-21785 is medium with a CVSS score of 5.5.
How does CVE-2021-21785 occur?
CVE-2021-21785 occurs due to an information disclosure vulnerability in the handling of IOCTL 0x9c40a148 in IOBit Advanced SystemCare Ultimate 14.2.0.220.
How can this vulnerability be exploited?
This vulnerability can be exploited by sending a specially crafted I/O request packet (IRP) to disclose sensitive information.
Is there a fix available for CVE-2021-21785?
At the time of this writing, there is no fix available for CVE-2021-21785. Please refer to the vendor's advisory for any updates or patches.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/iobit
- canonical/iobit advanced systemcare ultimate
- version/iobit advanced systemcare ultimate/14.2.0.220