CVE-2021-29100
ArcGIS Earth has a File Parsing Directory Traversal Vulnerability
In short
ArcGIS Earth allows attackers to create files anywhere on your computer by tricking you into opening a specially crafted file. This could let them run malicious code with your permissions.
Technical detail
Path traversal vulnerability in ArcGIS Earth ≤1.11.0 allows arbitrary file creation via crafted input during file parsing. Attack vector requires user interaction (file upload/opening); successful exploitation enables arbitrary code execution in the context of the affected user.
Summary generated and translated by AI from the official description.
A path traversal vulnerability exists in Esri ArcGIS Earth versions 1.11.0 and below which allows arbitrary file creation on an affected system through crafted input. An attacker could exploit this vulnerability to gain arbitrary code execution under security context of the user running ArcGIS Earth by inducing the user to upload a crafted file to an affected system.
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Esri · ArcGIS EarthWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →