Lucene search

[email protected]CVE-2021-31762

HistoryApr 25, 2021 - 7:15 p.m.

CVE-2021-31762

2021-04-2519:15:00

CWE-352

[email protected]

web.nvd.nist.gov

webmin

csrf

vulnerability

privileged user

reverse shell

security

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.5%

JSON

Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin’s add users feature, and then get a reverse shell through Webmin’s running process feature.

CPENameOperatorVersion
webmin:webminwebmineq1.973

CPE	Name	Operator	Version
webmin:webmin	webmin	eq	1.973

References

packetstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.html

github.com/electronicbots/CVE-2021-31762

github.com/Mesh3l911/CVE-2021-31762

github.com/webmin/webmin

youtu.be/qCvEXwyaF5U

Social References

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.5%

JSON

Related for CVE-2021-31762

githubexploit2 prion1 osv1 packetstorm1 zdt1 exploitdb1 openvas1