Lucene search

[email protected]CVE-2021-3243

HistoryApr 15, 2021 - 5:15 p.m.

CVE-2021-3243

2021-04-1517:15:12

CWE-79

[email protected]

web.nvd.nist.gov

wfilter

icf

5.0.117

xss vulnerability

lan attacker

payload injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

37.5%

JSON

Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerability. An attacker in the same LAN can craft a packet with a malicious User-Agent header to inject a payload in its logs, where an attacker can take over the system by through its plugin-running function.

Affected configurations

NVD

Node

wfiltericfwfilter_internet_content_filterMatch5.0.117

CPENameOperatorVersion
wfiltericf:wfilter_internet_content_filterwfiltericf wfilter internet content filtereq5.0.117

CPE	Name	Operator	Version
wfiltericf:wfilter_internet_content_filter	wfiltericf wfilter internet content filter	eq	5.0.117

References

drivertom.blogspot.com/2021/01/wfilter-icf-0day-rce.html

Social References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

37.5%

JSON

Related for CVE-2021-3243

prion1 cvelist1 nvd1