Lucene search

[email protected]NVD:CVE-2021-45917

HistoryJan 03, 2022 - 10:15 a.m.

CVE-2021-45917

2022-01-0310:15:08

CWE-287

[email protected]

web.nvd.nist.gov

7.7 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

9 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.2%

JSON

The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch server-side request forgery (SSRF) attack on another agent computer, resulting in arbitrary code execution for controlling the system or disrupting service.

Affected configurations

NVD

Node

sun_moon_jingyaonetwork_computer_terminal_protection_system_firmwareRange<7.20.0401

AND

sun_moon_jingyaonetwork_computer_terminal_protection_system

References

www.twcert.org.tw/tw/cp-132-5433-77f6f-1.html

7.7 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

9 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.2%

JSON

Related for NVD:CVE-2021-45917

prion1 cvelist1 cve1 cnvd1