CVE-2021-3342

9.8 CRITICAL

📋 TL;DR

CVE-2021-3342 is a critical vulnerability in EPrints 3.4.2 that allows remote attackers to read arbitrary files and potentially execute commands on the server. Attackers exploit this by sending crafted LaTeX input to the cgi/latex2png endpoint. Any organization running vulnerable EPrints installations is affected.

💻 Affected Systems

Products:
  • EPrints
Versions: 3.4.2 and likely earlier versions
Operating Systems: Linux, Unix-based systems
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the latex2png CGI script which processes user-supplied LaTeX input.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full server compromise leading to data theft, ransomware deployment, or complete system takeover.

🟠 Likely Case

Arbitrary file reading exposing sensitive configuration files, credentials, and user data, followed by command execution.

🟢 If Mitigated

Limited impact with proper input validation and file system restrictions in place.

🌐 Internet-Facing: HIGH - The vulnerable endpoint is typically internet-accessible and requires no authentication.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this, but external exposure is more dangerous.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward with publicly available proof-of-concept code targeting the latex2png endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: EPrints 3.4.3 or later

Vendor Advisory: https://files.eprints.org/2548/

Restart Required: No

Instructions:

1. Upgrade to EPrints 3.4.3 or later.
2. Apply the security patch from the vendor advisory.
3. Verify the latex2png script no longer processes dangerous LaTeX commands.

🔧 Temporary Workarounds

Disable latex2png endpoint (platform: linux)

Remove or restrict access to the vulnerable CGI script:

mv /var/www/eprints/cgi/latex2png /var/www/eprints/cgi/latex2png.disabled
chmod 000 /var/www/eprints/cgi/latex2png.disabled

Web server access control (platform: all)

Block access to the vulnerable URI using web server configuration. The original snippet commented out the opening Apache `<Location>` tag, so it would not have parsed; the corrected directives are below, with the Apache 2.4 form added since the `Order`/`Deny` syntax only works on 2.4 when mod_access_compat is loaded:

# Apache 2.2 (mod_access)
<Location "/cgi/latex2png">
    Order deny,allow
    Deny from all
</Location>

# Apache 2.4 (mod_authz_core)
<Location "/cgi/latex2png">
    Require all denied
</Location>

# Nginx
location ~ ^/cgi/latex2png { deny all; }

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate EPrints servers from sensitive systems
  • Deploy a web application firewall (WAF) with rules to block malicious LaTeX input patterns

🔍 How to Verify

Check if Vulnerable:

Test if the /cgi/latex2png?latex= endpoint accepts and processes LaTeX input containing file read or command injection attempts

Check Version:

grep '\$version' /path/to/eprints/archives/*/cfg/cfg.d/*.pl | head -1

Verify Fix Applied:

Verify the patch prevents file read attempts and command execution via the latex2png endpoint

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST/GET requests to /cgi/latex2png with LaTeX commands
  • System command execution from web server process
  • File read attempts from unexpected locations

Network Indicators:

  • HTTP requests containing LaTeX commands like \input, \write18, or file paths

SIEM Query:

source="web_server_logs" AND uri="/cgi/latex2png" AND (query="*latex=*" OR method="POST")
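As an added example (not part of the original advisory), the log indicators above turned into a small scanner for Apache combined-format access logs: it extracts the `latex` query parameter named in the verification step, flags the file-read and shell-escape primitives and absolute paths the indicators list, and flags POST requests whose body the access log does not record. The log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not real traffic). Line 1 is a benign
# formula, lines 2-3 carry the primitives named in the indicators, line 4 is
# unrelated, line 5 is a POST whose body is not visible in the access log.
SAMPLE_LOG = r'''
203.0.113.7 - - [10/Feb/2021:10:01:02 +0000] "GET /cgi/latex2png?latex=%5Cfrac%7Ba%7D%7Bb%7D HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Feb/2021:10:01:05 +0000] "GET /cgi/latex2png?latex=%5Cinput%7B/etc/passwd%7D HTTP/1.1" 200 9321 "-" "curl/7.68.0"
198.51.100.9 - - [10/Feb/2021:10:01:09 +0000] "GET /cgi/latex2png?latex=%5Cwrite18%7B%7D HTTP/1.1" 200 77 "-" "curl/7.68.0"
203.0.113.8 - - [10/Feb/2021:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Feb/2021:10:02:30 +0000] "POST /cgi/latex2png HTTP/1.1" 200 88 "-" "curl/7.68.0"
'''

# Apache combined format: client ident user [time] "METHOD URI PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})')

# \write18 is TeX's shell escape; \input, \include and \openin read files from disk.
DANGEROUS = re.compile(r'\\(write18|input|include|openin)\b')
# An absolute path such as /etc/passwd; the lookbehind avoids matching a/b/c in a formula.
PATH_LIKE = re.compile(r'(?<!\w)(/[\w.-]+){2,}')

def classify(line):
    """Return (client_ip, decoded latex, reasons) for a suspicious hit, else None."""
    m = LOG_RE.match(line)
    if not m or not m.group('uri').startswith('/cgi/latex2png'):
        return None
    qs = parse_qs(urlsplit(m.group('uri')).query)      # parse_qs percent-decodes
    latex = ' '.join(qs.get('latex', []))
    reasons = [f'primitive:\\{p}' for p in DANGEROUS.findall(latex)]
    if PATH_LIKE.search(latex):
        reasons.append('absolute-path')
    if m.group('method') == 'POST':
        reasons.append('post-request')   # body is not logged; review it at the WAF/app layer
    return (m.group('ip'), latex, reasons) if reasons else None

def scan(log_text):
    """Run classify() over every line and keep only the hits."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == '__main__':
    for ip, latex, reasons in scan(SAMPLE_LOG):
        print(ip, repr(latex), ', '.join(reasons))
```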
