Vulnerability CVE-2021-3781

Vulnerability Name:

CVE-2021-3781 (CCN-208779)

Assigned:

2021-08-25

Published:

2021-08-25

Updated:

2023-06-26

Summary:

CVSS v3 Severity:

9.9 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
8.9 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.8 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-3781

Source: secalert@redhat.com
Type: Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
artifex-cve20213781-cmd-exec(208779)

Source: CCN
Type: Artifex Web site
SECURITY ADVISORY SEPTEMBER 9, 2021 - CVE-2021-3781

Source: secalert@redhat.com
Type: Patch, Vendor Advisory
secalert@redhat.com

Source: CCN
Type: GitHub Web site
RCE-0-day-for-GhostScript-9.50

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: The Record Web site
Ghostscript zero-day allows full server compromises

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:artifex:ghostscript:9.50:*:*:*:*:*:*:*

OR cpe:/a:artifex:ghostscript:9.52:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7505	P	ghostscript-9.52-150000.164.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51961	P	Security update for containerized-data-importer (Important)	2022-11-23
oval:org.opensuse.security:def:775	P	Security update for dpdk (Important)	2022-09-23
oval:org.opensuse.security:def:95384	P	Security update for python310 (Important)	2022-07-06
oval:org.opensuse.security:def:3676	P	libsoup-2_4-1-2.62.2-5.7.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3486	P	fetchmail-6.3.26-12.3 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94598	P	libFS-devel-1.0.7-1.22 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2930	P	ghostscript-9.52-161.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94798	P	python3-cryptography-2.8-10.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94560	P	ghostscript-9.52-161.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:93139	P	(Important)	2022-05-26
oval:org.opensuse.security:def:93292	P	(Important)	2022-05-03
oval:org.opensuse.security:def:99740	P	(Important)	2022-01-25
oval:org.opensuse.security:def:112288	P	ghostscript-9.54.0-2.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:6173	P	Security update for python36-pip (Moderate)	2022-01-12
oval:org.opensuse.security:def:102097	P	Security update for net-snmp (Important)	2022-01-11
oval:org.opensuse.security:def:99147	P	(Moderate)	2021-10-06
oval:org.opensuse.security:def:105812	P	ghostscript-9.54.0-2.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:101511	P	Security update for the Linux Kernel (Important)	2021-09-23
oval:org.opensuse.security:def:89197	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:31683	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:57506	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:84669	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:23671	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:5864	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:33977	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:59800	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:87472	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:30128	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:55951	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:83335	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:126773	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:89455	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:32185	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:58008	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:85733	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:23973	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:51659	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:34542	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:60365	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:88193	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:30248	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:56071	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:83455	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:127170	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:33008	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:58831	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:86147	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:26130	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:88509	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:31269	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:57092	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:84211	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:5117	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:33719	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:59542	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:86649	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:29424	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:55247	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:82631	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:125606	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:111060	P	Security update for ghostscript (Critical)	2021-09-16
oval:org.opensuse.security:def:64765	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:76330	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:10154	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:92197	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:101506	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:67262	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:99342	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:107977	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:74310	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:92986	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:9400	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:70294	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:101311	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:4153	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:65242	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:117491	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:10342	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:92392	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:101722	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:8653	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:69540	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:99541	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:108177	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:74375	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:9592	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:70482	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:4218	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:65307	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:98952	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:117691	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:111716	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:73697	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:92591	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:8841	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:69732	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:64575	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:108763	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:75993	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:9791	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:92002	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:5836	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:66925	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:73887	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:92790	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:1031	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:9036	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:69931	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:100050	P	Security update for ghostscript (Critical)	2021-09-15

BACK