CVE-2021-35064
📋 TL;DR
CVE-2021-35064 is a privilege escalation vulnerability in KramerAV VIAWare that lets a low-privileged local user gain root through a sudo misconfiguration: the sudoers file permits execution of dangerous commands such as unzip, systemctl, and dpkg without proper restrictions. All tested versions of VIAWare are affected.
💻 Affected Systems
- KramerAV VIAWare
📦 What is this software?
VIAWare by KramerAV
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with root access leading to complete control of the device, data theft, installation of persistent backdoors, and use as a pivot point in the network.
Likely Case
Privilege escalation from a low-privileged user to root, enabling installation of malware, modification of system configurations, and lateral movement.
If Mitigated
Limited impact if proper access controls, network segmentation, and least privilege principles are implemented.
🎯 Exploit Status
Exploitation requires initial access to a low-privileged user account. The sudo misconfiguration makes privilege escalation straightforward once initial access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified
Vendor Advisory: https://www.kramerav.com/us/product/viaware
Restart Required: No
Instructions:
1. Check the KramerAV website for security updates.
2. Apply any available patches.
3. Review and harden the sudo configuration.
🔧 Temporary Workarounds
Harden Sudo Configuration
Linux: Modify the sudoers file to remove unnecessary command permissions and implement least privilege. Edit only through visudo, which syntax-checks the file before saving, and review drop-in files under /etc/sudoers.d as well, since rules there are just as effective as rules in /etc/sudoers.
sudo visudo
# Remove or restrict dangerous commands like unzip, systemctl, dpkg from user permissions
Restrict User Access
All platforms: Limit which users can access the system and implement strong authentication.
🧯 If You Can't Patch
- Implement network segmentation to isolate VIAWare systems from critical assets
- Monitor sudo usage and system logs for suspicious activity
🔍 How to Verify
Check if Vulnerable:
Check the sudoers configuration, including drop-in files under /etc/sudoers.d, for overly permissive commands: sudo grep -rE '(unzip|systemctl|dpkg)' /etc/sudoers /etc/sudoers.d/ (a plain grep of /etc/sudoers alone misses the drop-in directory). Running sudo -l as the affected account lists the commands sudo will actually grant it, with aliases expanded.
Check Version:
Check VIAWare version through web interface or system documentation
Verify Fix Applied:
Verify sudoers file no longer contains dangerous commands without proper restrictions
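The script below is an added example, not code from Kramer or from this advisory. It implements the check described under "Harden Sudo Configuration" and "How to Verify": it parses sudoers-format text (user specs and Cmnd_Alias definitions, with tags such as NOPASSWD: stripped) and flags any rule that grants unzip or dpkg in any form, or systemctl with no pinned subcommand. The two sudoers fragments are constructed for illustration; the account name viauser and the unit name via-display.service are placeholders, not real VIAWare identifiers.

```bash
#!/usr/bin/env bash
# Added example (not Kramer's code): audit sudoers rules for the command
# classes named in CVE-2021-35064 (unzip, systemctl, dpkg), and show a
# constructed "before" fragment next to a hardened "after" fragment.
set -eu

# Print each sudoers line granting unzip or dpkg (any form), or a bare
# systemctl with no fixed arguments. Returns 1 if anything was flagged.
# Covers user specs and Cmnd_Alias definitions; Defaults lines, comments
# and blank lines are skipped.
audit_sudoers() {
  local hits
  hits=$(awk '
    /^[ \t]*(#|$)/      { next }   # comments, #include lines, blanks
    /^[ \t]*Defaults/   { next }   # option lines carry no commands
    {
      line = $0
      sub(/^[^=]*=/, "", line)                 # drop "user host =" or "Cmnd_Alias X ="
      sub(/^[ \t]*\([^)]*\)/, "", line)        # drop "(runas)"
      gsub(/(NO)?(PASSWD|EXEC|SETENV|MAIL|FOLLOW|LOG_INPUT|LOG_OUTPUT):/, "", line)
      n = split(line, cmds, ",")
      for (i = 1; i <= n; i++) {
        c = cmds[i]
        gsub(/^[ \t]+|[ \t]+$/, "", c)
        nw = split(c, w, /[ \t]+/)
        base = w[1]; sub(/.*\//, "", base)
        # unzip/dpkg as root: arbitrary file write / arbitrary package install
        if (base == "unzip" || base == "dpkg") { print $0; next }
        # systemctl with no pinned subcommand: any unit, any verb
        if (base == "systemctl" && nw == 1)    { print $0; next }
      }
    }' "$1")
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits"
  return 1
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed "before": passwordless, unrestricted rights to all three
# commands, the pattern the advisory describes.
cat > "$WORK/sudoers.vuln" <<'EOF'
# constructed example, not the real VIAWare sudoers
Defaults env_reset
root    ALL=(ALL:ALL) ALL
viauser ALL=(root) NOPASSWD: /usr/bin/unzip, /bin/systemctl, /usr/bin/dpkg
EOF

# Constructed "after": unzip and dpkg removed entirely; systemctl pinned to
# one fully specified command line (via-display.service is a placeholder
# unit name, not a real VIAWare unit).
cat > "$WORK/sudoers.fixed" <<'EOF'
# constructed example, not the real VIAWare sudoers
Defaults env_reset
root    ALL=(ALL:ALL) ALL
viauser ALL=(root) NOPASSWD: /bin/systemctl restart via-display.service
EOF

for f in "$WORK/sudoers.vuln" "$WORK/sudoers.fixed"; do
  if audit_sudoers "$f"; then
    echo "OK   $f: no unrestricted unzip/systemctl/dpkg rules"
  else
    echo "FAIL $f: the rules printed above grant a root escalation path"
  fi
done
```

On a real device, point audit_sudoers at /etc/sudoers and at each file under /etc/sudoers.d (reading them needs root). A rule that pins systemctl to one full command line is reported as clean because sudo then matches arguments exactly; a rule naming systemctl alone is reported because it allows every subcommand.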
📡 Detection & Monitoring
Log Indicators:
- Unusual sudo command executions
- Privilege escalation attempts
- Execution of unzip, systemctl, or dpkg by non-admin users
Network Indicators:
- Unexpected outbound connections from VIAWare systems
- Traffic to known malicious IPs
SIEM Query:
source="sudo" AND (command="unzip" OR command="systemctl" OR command="dpkg")
(Generic pseudo-syntax: map source to your sudo or auth log and command to the COMMAND= field of the sudo event, and exclude the administrative accounts that legitimately hold these rights so the query surfaces only unexpected users.)
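As an added example (not part of this advisory or of any Kramer tooling), the following script turns the log indicators above into a concrete check: it reads syslog-style sudo lines (the format found in auth.log, with or without the [pid] suffix journald prints), extracts the invoking user and the COMMAND= value, and emits an ALERT for each unzip, systemctl or dpkg execution by an account outside a supplied allow-list. The log excerpt, the hostname viaware and the account names are constructed for the example.

```bash
#!/usr/bin/env bash
# Added example (not Kramer's code): flag sudo executions of unzip,
# systemctl or dpkg by accounts outside an allow-list, over syslog-style
# sudo lines (auth.log or journalctl output). Log lines below are constructed.
set -eu

# Usage: detect_sudo_abuse LOGFILE "user1,user2"
# Prints one ALERT line per matching event; prints nothing for clean input.
detect_sudo_abuse() {
  awk -v admins="$2" '
    BEGIN { n = split(admins, a, ","); for (i = 1; i <= n; i++) isadmin[a[i]] = 1 }
    # sudo logs one line per command: "sudo[pid]:  user : TTY=... ; COMMAND=..."
    / sudo(\[[0-9]+\])?: / && /COMMAND=/ {
      u = $0
      sub(/.* sudo(\[[0-9]+\])?:[ \t]*/, "", u)   # keep the text after "sudo:"
      sub(/[ \t]*:.*/, "", u)                      # cut at the " : " separator
      if (u in isadmin) next                       # allow-listed administrator
      c = $0
      sub(/.*COMMAND=/, "", c)
      split(c, w, /[ \t]+/)
      base = w[1]; sub(/.*\//, "", base)           # basename of the executable
      if (base == "unzip" || base == "systemctl" || base == "dpkg")
        printf "ALERT line=%d user=%s cmd=%s full=%s\n", NR, u, base, c
    }' "$1"
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed auth.log excerpt: three flagged commands run by the
# low-privileged account, one systemctl by an administrator, one harmless
# command. Hostname and account names are placeholders.
cat > "$WORK/auth.log" <<'EOF'
Mar  3 10:02:11 viaware sudo:  viauser : TTY=pts/0 ; PWD=/home/viauser ; USER=root ; COMMAND=/usr/bin/unzip /tmp/archive.zip
Mar  3 10:02:40 viaware sudo[2211]:    admin : TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/bin/systemctl status via-display.service
Mar  3 10:03:05 viaware sudo:  viauser : TTY=pts/0 ; PWD=/home/viauser ; USER=root ; COMMAND=/bin/systemctl restart via-display.service
Mar  3 10:03:30 viaware sudo:  viauser : TTY=pts/0 ; PWD=/home/viauser ; USER=root ; COMMAND=/usr/bin/dpkg -i /tmp/package.deb
Mar  3 10:04:00 viaware sudo:  viauser : TTY=pts/0 ; PWD=/home/viauser ; USER=root ; COMMAND=/bin/ls /var/log
EOF

# Expected: three ALERT lines (unzip, systemctl, dpkg by viauser);
# the administrator's systemctl and the ls call are not reported.
detect_sudo_abuse "$WORK/auth.log" "root,admin"
```

For live monitoring, feed the same function with journalctl -u sudo output or tail -F /var/log/auth.log redirected to a file; the allow-list should contain only the accounts whose sudo rights to these commands are documented, so that a new account appearing in the alerts is itself the signal.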