Lucene search

TwcertCVELIST:CVE-2021-45917

HistoryDec 30, 2021 - 12:00 a.m.

CVE-2021-45917 SUN & MOON RISE CO., LTD. Shockwall - Improper Authentication

2021-12-3000:00:00

CWE-287

twcert

www.cve.org

8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.2%

JSON

The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch server-side request forgery (SSRF) attack on another agent computer, resulting in arbitrary code execution for controlling the system or disrupting service.

CNA Affected

[
  {
    "product": "Shockwall",
    "vendor": "SUN & MOON RISE CO., LTD.",
    "versions": [
      {
        "lessThan": "7.20.0401",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-5433-77f6f-1.html

8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.2%

JSON

Related for CVELIST:CVE-2021-45917