CVE-2021-21909

8.1 HIGH

📋 TL;DR

CVE-2021-21909 is a path traversal vulnerability in a file deletion command that allows arbitrary file deletion via specially crafted arguments. Attackers can delete critical system files by manipulating command inputs. This affects systems running vulnerable versions of the affected software.

💻 Affected Systems

Products:
  • Specific software name not provided in CVE description
Versions: Version range not specified in provided information
Operating Systems: Likely cross-platform based on CWE-22
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems where the vulnerable file deletion command is accessible and accepts user input.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through deletion of critical OS files, leading to system instability, data loss, or denial of service.

🟠 Likely Case

Unauthorized deletion of application or user data, causing service disruption and potential data integrity issues.

🟢 If Mitigated

Limited impact with proper input validation and file permission restrictions in place.

🌐 Internet-Facing: MEDIUM - Requires command execution capability, but could be exploited through web interfaces or APIs.
🏢 Internal Only: HIGH - Internal users or compromised accounts could easily exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires ability to pass arguments to the vulnerable command, which typically requires some level of access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched version

Vendor Advisory: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1359

Restart Required: Yes

Instructions:

1. Identify affected software version
2. Apply vendor-provided patch
3. Restart affected services
4. Verify patch application

🔧 Temporary Workarounds

Input Validation (all platforms)

Implement strict input validation to prevent path traversal characters in command arguments

Implement input sanitization in code: reject arguments containing '../', '..\', or absolute paths
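The rejection rule above, as an added example rather than vendor code: it checks for '..' components and absolute paths as the workaround describes, and goes one step further by canonicalizing the path so a symlink inside the allowed directory cannot lead a delete outside it. The names `resolve_delete_target`, `delete_file`, `UnsafePath` and the `uploads` directory are hypothetical, and a POSIX host is assumed.

```python
import os
import tempfile

class UnsafePath(ValueError):
    """Argument would delete something outside the allowed directory."""

def resolve_delete_target(base_dir: str, user_arg: str) -> str:
    """Return the canonical path to delete, or raise UnsafePath."""
    if not user_arg or "\x00" in user_arg:
        raise UnsafePath("empty argument or NUL byte")
    # Treat both separator styles alike so '..\' cannot slip past on POSIX.
    arg = user_arg.replace("\\", "/")
    if os.path.isabs(arg) or ".." in arg.split("/"):
        raise UnsafePath("absolute path or '..' component")
    # String checks miss symlinks, so canonicalize and test containment too.
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, arg))
    if target == base or os.path.commonpath([base, target]) != base:
        raise UnsafePath("resolves outside the allowed directory")
    return target

def delete_file(base_dir: str, user_arg: str) -> str:
    """Delete only after the argument has passed validation."""
    target = resolve_delete_target(base_dir, user_arg)
    os.remove(target)
    return target

def demo() -> dict:
    """Run constructed arguments against a throwaway directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "uploads")
        os.makedirs(os.path.join(base, "sub"))
        outside = os.path.join(root, "keep.conf")
        for path in (outside, os.path.join(base, "sub", "old.log")):
            open(path, "w").close()
        os.symlink(root, os.path.join(base, "link"))  # symlink leaving base
        cases = {"plain": "sub/old.log", "dotdot": "../keep.conf",
                 "backslash": "..\\keep.conf", "absolute": outside,
                 "symlink": "link/keep.conf"}
        for label, arg in cases.items():
            try:
                delete_file(base, arg)
                results[label] = "deleted"
            except UnsafePath as exc:
                results[label] = f"rejected: {exc}"
        results["outside_survived"] = os.path.exists(outside)
    return results

if __name__ == "__main__":
    print(demo())
```

The check and the delete are separate steps, so a path can still change between them; the file permission restrictions below remain necessary alongside validation.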

File Permission Restrictions (Linux)

Run application with minimal file system permissions

chmod 750 /path/to/application
setfacl -m u:appuser:rx /path/to/restricted

🧯 If You Can't Patch

  • Implement strict access controls to limit who can execute the vulnerable command
  • Monitor file deletion activities and implement alerting for suspicious patterns

🔍 How to Verify

Check if Vulnerable:

Test if the file deletion command accepts path traversal sequences like '../../etc/passwd' in arguments

Check Version:

Check software version using vendor-specific command (e.g., software --version)

Verify Fix Applied:

Verify that path traversal attempts are rejected and proper input validation is in place

📡 Detection & Monitoring

Log Indicators:

  • Unusual file deletion patterns
  • Commands with path traversal sequences
  • Failed file deletion attempts with suspicious paths

Network Indicators:

  • N/A - Local command execution vulnerability

SIEM Query:

source="application.log" AND ("..\\" OR "../") AND ("delete" OR "del" OR "rm")
