Unrated severity · NVD Advisory · Published Nov 19, 2021 · Updated Sep 17, 2024

4MOSAn GCB Doctor - Improper Authorization

CVE-2021-42338

Description

4MOSAn GCB Doctor's login page improperly validates cookies, which allows an unauthenticated remote attacker to bypass authentication by injecting code into the cookie, and to arbitrarily manipulate the system or interrupt services by uploading and executing arbitrary files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Improper cookie validation in 4MOSAn GCB Doctor allows unauthenticated remote attackers to bypass authentication and execute arbitrary code.

Vulnerability

4MOSAn GCB Doctor version 20210708 (v2.0) improperly validates cookies on the login page. This flaw allows an unauthenticated remote attacker to inject arbitrary code into the cookie, bypassing authentication mechanisms [1].

Exploitation

An unauthenticated remote attacker can send a specially crafted HTTP request to the login page, injecting malicious code into the cookie. The attacker does not need any prior authentication or user interaction. The cookie injection leads to authentication bypass, allowing the attacker to upload arbitrary files to the system and then execute them [1].

Impact

Successful exploitation allows the attacker to completely bypass authentication and gain administrative control over the affected system. The attacker can upload and execute arbitrary files, leading to full compromise of confidentiality, integrity, and availability (CIA). This includes arbitrary system manipulation or service disruption [1]. The CVSS v3.1 score is 9.8 (Critical) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [1].

Mitigation

The vendor has released a fix in version 20210811 (v2.0) of 4MOSAn GCB Doctor. Users should update to this version immediately [1]. There is no known workaround for the vulnerability.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

1
