First published: Fri Jun 24 2022(Updated: )
Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high privileges.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Thalesgroup Safenet Authentication Client | <=10.7.7 | |
Linux Linux kernel | ||
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-42056 is a vulnerability in Thales Safenet Authentication Client (SAC) for Linux and Windows through version 10.7.7.
A local attacker can exploit CVE-2021-42056 by using a symlink attack to overwrite arbitrary files and potentially achieve arbitrary command execution with high privileges.
CVE-2021-42056 has a severity rating of 6.7 (high).
To fix CVE-2021-42056, it is recommended to update Thales Safenet Authentication Client (SAC) to version 10.7.8 or later.
More information about CVE-2021-42056 can be found at the following reference: [link](https://github.com/z00z00z00/Safenet_SAC_CVE-2021-42056)