← back
CVE-2021-42855

Local privilege escalation due to misconfigured write permission on .debug_command.config file

CVSS 7.8 HIGHEPSS 0.2%CWE-284
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the ".debug_command.config" file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the "/api/appInternals/1.0/agent/configuration" API to map the corresponding ID to a command to be executed.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Aternity · SteelCentral AppInternals Dynamic Sampling Agent

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://aternity.force.com/customersuccess/s/article/Local-privilege-escalation-due-to-misconfigured-write-permission-on-debug-command-config-file-CVE-2021-42855