{"containers":{"cna":{"affected":[{"product":"Erlang/OTP","vendor":"Erlang Project","versions":[{"status":"affected","version":"< 23.2.3"}]}],"descriptions":[{"lang":"en","value":"A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with \"erlsrv.exe\" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions."}],"problemTypes":[{"descriptions":[{"description":"Incorrect Access Control","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2021-04-09T13:34:59.000Z","orgId":"17539d52-06bd-4776-9c7a-95dc115e9083","shortName":"DeepSurface"},"references":[{"tags":["x_refsource_MISC"],"url":"https://github.com/erlang/otp/releases/tag/OTP-23.2.3"},{"tags":["x_refsource_MISC"],"url":"https://deepsurface.com/deepsurface-security-advisory-local-privilege-escalation-in-erlang-on-windows-cve-2021-29221/"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@deepsurface.com","ID":"CVE-2021-29221","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Erlang/OTP","version":{"version_data":[{"version_value":"< 23.2.3"}]}}]},"vendor_name":"Erlang Project"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with \"erlsrv.exe\" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Incorrect Access Control"}]}]},"references":{"reference_data":[{"name":"https://github.com/erlang/otp/releases/tag/OTP-23.2.3","refsource":"MISC","url":"https://github.com/erlang/otp/releases/tag/OTP-23.2.3"},{"name":"https://deepsurface.com/deepsurface-security-advisory-local-privilege-escalation-in-erlang-on-windows-cve-2021-29221/","refsource":"MISC","url":"https://deepsurface.com/deepsurface-security-advisory-local-privilege-escalation-in-erlang-on-windows-cve-2021-29221/"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T22:02:51.425Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/erlang/otp/releases/tag/OTP-23.2.3"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://deepsurface.com/deepsurface-security-advisory-local-privilege-escalation-in-erlang-on-windows-cve-2021-29221/"}]}]},"cveMetadata":{"assignerOrgId":"17539d52-06bd-4776-9c7a-95dc115e9083","assignerShortName":"DeepSurface","cveId":"CVE-2021-29221","datePublished":"2021-04-09T13:34:59.000Z","dateReserved":"2021-03-25T00:00:00.000Z","dateUpdated":"2024-08-03T22:02:51.425Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}