Local Privilege Escalation Vulnerability in Erlang/OTP Prior to Version 23.2.3

Local Privilege Escalation Vulnerability in Erlang/OTP Prior to Version 23.2.3

CVE-2021-29221 · HIGH Severity

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions.

Learn more about our User Device Pen Test.