Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-45917

Опубликовано: 03 янв. 2022
Источник: nvd
CVSS3: 8
CVSS3: 9
CVSS2: 7.7
EPSS Низкий

Описание

The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch server-side request forgery (SSRF) attack on another agent computer, resulting in arbitrary code execution for controlling the system or disrupting service.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:sun_moon_jingyao:network_computer_terminal_protection_system_firmware:*:*:*:*:*:*:*:*
Версия до 7.20.0401 (исключая)
cpe:2.3:h:sun_moon_jingyao:network_computer_terminal_protection_system:*:*:*:*:*:*:*:*

EPSS

Процентиль: 20%
0.00062
Низкий

8 High

CVSS3

9 Critical

CVSS3

7.7 High

CVSS2

Дефекты

CWE-287
CWE-287

Связанные уязвимости

github логотип

GHSA-vq34-7c65-chv9

github
около 4 лет назад

The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch server-side request forgery (SSRF) attack on another agent computer, resulting in arbitrary code execution for controlling the system or disrupting service.

EPSS

Процентиль: 20%
0.00062
Низкий

8 High

CVSS3

9 Critical

CVSS3

7.7 High

CVSS2

Дефекты

CWE-287
CWE-287