cvedb.io
CVE-2021-40376
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2022-03-10T17:43:49.883 · Last modified 2026-06-17T04:06:49.510

Summary

otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000.

Affected products

otris — update_manager

Does this affect you?

Add your gear to cvedb and we'll alert you only when otris ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.