CVE-2021-28134

9.8 CRITICAL

📋 TL;DR

CVE-2021-28134 is a remote command execution vulnerability in Clipper clipboard manager. Attackers can send malicious IPC messages to the exposed ipcRenderer interface, which triggers the dangerous openExternal API to execute arbitrary commands. Users running Clipper versions before 1.0.5 are affected.

💻 Affected Systems

Products:
  • Clipper
Versions: All versions before 1.0.5
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the Electron-based IPC interface and affects all default installations.
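The exposure described above, shown as an added example that is not Clipper's own code: a hardened Electron pattern in which the main process registers a single narrow IPC handler that validates a URL before it reaches shell.openExternal, instead of exposing the whole ipcRenderer object to page content. The channel name "open-url", the function names and the injected opener are assumptions for illustration.

```javascript
// Added example (not Clipper's code): defensive pattern for an Electron app that
// must open links supplied by renderer content. Rather than exposing ipcRenderer
// (and through it shell.openExternal) to the page, the main process registers one
// handler that only opens validated http(s) URLs. The Electron opener is injected
// so the logic runs outside Electron; the channel name "open-url" is assumed.

const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Returns the canonical URL string if it is safe to hand to shell.openExternal,
// otherwise null. Rejects non-web schemes (file:, javascript:, custom handlers),
// embedded credentials, and anything that does not parse as an absolute URL.
function validateExternalUrl(input) {
  if (typeof input !== "string" || input.length > 2048) return null;
  let url;
  try {
    url = new URL(input); // throws on relative or malformed input
  } catch {
    return null;
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null;
  if (url.username || url.password) return null; // user@host confusion tricks
  if (!url.hostname) return null;
  return url.href;
}

// Builds the ipcMain.handle callback. `openExternal` is shell.openExternal in a
// real app; passing it in keeps this runnable and testable without Electron.
function makeOpenUrlHandler(openExternal) {
  return async function handleOpenUrl(_event, rawUrl) {
    const safe = validateExternalUrl(rawUrl);
    if (safe === null) {
      return { opened: false, reason: "rejected" };
    }
    await openExternal(safe);
    return { opened: true, url: safe };
  };
}

// Wiring in a real Electron app (assumed channel name). Main process:
//   const { ipcMain, shell } = require("electron");
//   ipcMain.handle("open-url", makeOpenUrlHandler(shell.openExternal));
// Preload, with contextIsolation: true and nodeIntegration: false, exposes only
// this one function to the page instead of the whole ipcRenderer object:
//   const { contextBridge, ipcRenderer } = require("electron");
//   contextBridge.exposeInMainWorld("clipper", {
//     openUrl: (u) => ipcRenderer.invoke("open-url", String(u)),
//   });

module.exports = { validateExternalUrl, makeOpenUrlHandler };
```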

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with the attacker gaining full control of the victim's machine, allowing data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Remote code execution leading to malware installation, credential theft, or lateral movement within the network.

🟢 If Mitigated

Limited impact if proper network segmentation and application sandboxing are implemented, potentially containing the attack to the user context.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The exploit requires sending crafted IPC messages to the vulnerable interface, which is relatively straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.5

Vendor Advisory: https://github.com/AkashRajpurohit/clipper/releases/tag/v1.0.5

Restart Required: Yes

Instructions:

1. Download Clipper v1.0.5 or later from the official GitHub releases page.
2. Uninstall the vulnerable version.
3. Install the patched version.
4. Restart the application.

🔧 Temporary Workarounds

Network Isolation

Platform: all

Block incoming network connections to Clipper using firewall rules. On Linux the ufw rule below denies inbound traffic on the port listed for Clipper (the original rule used "out", which would have blocked outbound traffic instead of incoming connections); on Windows the netsh rule blocks inbound connections to the Clipper binary (adjust the path to your installation).

sudo ufw deny in 3000/tcp
netsh advfirewall firewall add rule name="BlockClipper" dir=in action=block program="C:\Path\To\Clipper.exe" enable=yes

Application Sandboxing

Platform: linux

Run Clipper in a restricted environment or container, for example with no network access under firejail, or in a container that cannot gain new privileges (assumes a local image named "clipper").

firejail --net=none clipper
docker run --security-opt no-new-privileges -it clipper

🧯 If You Can't Patch

  • Uninstall Clipper completely if patching is not possible
  • Implement strict network segmentation to isolate systems running vulnerable Clipper versions

🔍 How to Verify

Check if Vulnerable:

Check Clipper version in application settings or About dialog. If version is below 1.0.5, the system is vulnerable.

Check Version:

Run "clipper --version", or open Help > About in the application.

Verify Fix Applied:

Verify Clipper version is 1.0.5 or higher. Test by attempting to send IPC messages to verify the openExternal API is properly restricted.

📡 Detection & Monitoring

Log Indicators:

  • Unusual IPC message patterns
  • openExternal API calls with suspicious URLs or commands
  • Process creation from Clipper with unusual parameters

Network Indicators:

  • Unexpected network connections originating from Clipper process
  • IPC communication on unusual ports

SIEM Query:

process_name:"clipper.exe" AND (cmdline:*openExternal* OR parent_process:*ipcRenderer*)
