First published: Mon Oct 25 2021(Updated: )
As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path: "Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kiwi Syslog Server\Parameters\Application".
Credit: psirt@solarwinds.com
Affected Software | Affected Version | How to fix |
---|---|---|
Solarwinds Kiwi Syslog Server | <9.8 |
SolarWinds advises Kiwi Syslog Server customers to upgrade to the latest version (9.8) once it becomes generally available.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-35231 is an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard.
CVE-2021-35231 could allow a local attacker to gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry.
Solarwinds Kiwi Syslog Server version 9.8 and below are affected by CVE-2021-35231.
CVE-2021-35231 has a severity value of 6.7, which is considered medium.
To fix CVE-2021-35231, you should update your Solarwinds Kiwi Syslog Server to a version that is not affected by the vulnerability.