First published: Tue Sep 07 2021
Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. Because the upgrade mechanism is not protected with TLS, an attacker on the local network can achieve remote code execution on any computer that tries to update Windows Sender.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Barco MirrorOp Windows Sender | <2.5.3.65 | Update to 2.5.3.65 or later |
CVE-2021-38142 is a vulnerability in Barco MirrorOp Windows Sender before 2.5.3.65 that allows rogue software upgrades and can lead to remote code execution.
CVE-2021-38142 affects Barco MirrorOp Windows Sender before version 2.5.3.65 by allowing rogue software upgrades and enabling remote code execution.
CVE-2021-38142 has a severity rating of 8.8, which is considered high.
An attacker on the local network can exploit CVE-2021-38142 by performing rogue software upgrades, leading to remote code execution on any computer attempting to update Barco MirrorOp Windows Sender.
To fix CVE-2021-38142, it is recommended to update to version 2.5.3.65 or later of Barco MirrorOp Windows Sender, which addresses the vulnerability.
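To act on the fix above, the following added example (not part of the advisory or of any Barco tooling) triages a software inventory export against the fixed version 2.5.3.65. The CSV column names and host names are constructed assumptions; the comparison is numeric per component, because a string comparison would misjudge versions such as 2.5.3.9 and 2.5.3.100.

```python
import csv
import io

PRODUCT = "Barco MirrorOp Windows Sender"  # product name as given in the advisory
FIXED = (2, 5, 3, 65)                       # first fixed version per the advisory

# Constructed sample inventory export; hosts and column names are assumptions.
SAMPLE_INVENTORY = """host,product,version
ws-001,Barco MirrorOp Windows Sender,2.5.3.65
ws-002,Barco MirrorOp Windows Sender,2.5.3.9
ws-003,Barco MirrorOp Windows Sender,2.5.3.100
ws-004,Barco MirrorOp Windows Sender,2.5.2
ws-005,Barco MirrorOp Windows Sender,unknown
ws-006,Some Other Tool,1.0.0.0
"""

def parse_version(text):
    """Return a zero-padded 4-tuple of ints, or None if not a dotted number."""
    parts = text.strip().split(".")
    if len(parts) > len(FIXED) or not all(p.isdecimal() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (len(FIXED) - len(nums)))

def triage(inventory_csv):
    """Classify each host running the product as vulnerable, fixed or review."""
    result = {"vulnerable": [], "fixed": [], "review": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip().lower() != PRODUCT.lower():
            continue
        version = parse_version(row["version"])
        if version is None:
            result["review"].append(row["host"])  # cannot prove it is patched
        elif version < FIXED:
            result["vulnerable"].append(row["host"])
        else:
            result["fixed"].append(row["host"])
    return result

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the `review` bucket report a version that cannot be parsed and should be checked by hand rather than assumed patched.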