Plattform
other
Komponente
mini-mouse
Behoben in
9.2.1
CVE-2021-47850 describes a path traversal vulnerability discovered in Mini Mouse versions 9.2.0 through 9.2.0. This flaw allows remote attackers to bypass access controls and retrieve sensitive files and directory listings from the system. Successful exploitation could lead to information disclosure and compromise of the affected system. A fix is pending, and mitigation strategies are recommended.
The path traversal vulnerability in Mini Mouse allows attackers to manipulate file and path parameters within HTTP requests to access files and directories outside of the intended scope. This means an attacker could potentially retrieve sensitive configuration files like win.ini, view the contents of system directories such as C:\Users\Public, and potentially gain access to other critical system data. The blast radius extends to any data accessible by the user account running the Mini Mouse application. While there's no immediate indication of remote code execution, the ability to read arbitrary files could be a stepping stone for further attacks.
CVE-2021-47850 was published on 2026-01-21. Currently, there are no known public exploits or active campaigns targeting this vulnerability. Its inclusion in the KEV catalog is pending. The vulnerability's simplicity suggests a moderate likelihood of exploitation once a proof-of-concept is developed and made public.
Systems running Mini Mouse version 9.2.0 are directly at risk. Organizations with publicly accessible instances of Mini Mouse, or those with weak access controls, are particularly vulnerable. Shared hosting environments where multiple users share the same server instance are also at increased risk.
disclosure
Exploit-Status
EPSS
0.30% (53% Perzentil)
CISA SSVC
CVSS-Vektor
Since a patch is not yet available, immediate mitigation focuses on limiting the potential impact of this vulnerability. Implement Web Application Firewall (WAF) rules to restrict access to sensitive files and directories. Specifically, block requests containing path traversal sequences like ../ or absolute paths. Review and restrict file permissions for the Mini Mouse application to minimize the potential damage if the vulnerability is exploited. Consider temporarily disabling or isolating the Mini Mouse application until a patch is released. Monitor system logs for suspicious activity related to file access.
Actualizar a una versión parcheada o desinstalar la aplicación Mini Mouse. La vulnerabilidad permite el acceso a archivos sensibles del sistema, por lo que es crucial tomar medidas inmediatas.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2021-47850 is a vulnerability in Mini Mouse versions 9.2.0-9.2.0 that allows attackers to access files outside of the intended directory using crafted HTTP requests.
If you are running Mini Mouse version 9.2.0, you are potentially affected by this vulnerability. Check with the vendor for a patch.
The recommended fix is to upgrade to a patched version of Mini Mouse as soon as it becomes available. In the meantime, use a WAF to restrict access.
No active exploitation has been confirmed at this time, but the vulnerability's ease of exploitation makes it a potential target.
Refer to the Mini Mouse vendor's website or security advisories for the official advisory regarding CVE-2021-47850.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.