CVE-2021-44750
Arbitrary Code Execution
More information
An arbitrary code execution vulnerability was found in the WithSecure Support Tool. A standard user can craft a special configuration file, which when run by administrator can execute any commands.
This issue was reported to WithSecure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.
Contributors
WithSecure Corporation would like to thank following person for bringing this issue to our attention.
Nasreddine Bencherchali
Twitter- WithSecure Support Tool (fsdiag) embedded within various WithSecure products for Microsoft Windows can be abused to execute arbitrary commands on the system.
- Fixed
- WithSecure Business Suite administrator need to apply the hotfix manually. All other products are automatically updated.
- Medium
- In all other environments fix has been published through the automatic update channel.
- Corporate Products: WithSecure Elements Agent WithSecure MDR WithSecure Client Security * WithSecure Server Security * WithSecure Email and Server Security * Hotfixes for products marked with * can be found at https://www.f-secure.com/en/business/support-and-downloads Consumer Products: WithSecure FREEDOME VPN WithSecure SAFE WithSecure KEY WithSecure Internet Security / Anti-Virus
- All supported Windows version for the affected products
- 9/3/2022
Description
Status
Action required
Risk level
Fix
Affected products
Platforms
Date issued
- Security advisories
- 2021
- Medium