CVE-2021-32076

Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/208278	Third Party Advisory VDB Entry
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*

History

25 Jan 2024, 21:34

Type	Values Removed	Values Added
CPE	cpe:2.3:a:solarwinds:web_help_desk:12.7.2:::::::*	cpe:2.3:a:solarwinds:web_help_desk::::::::
References	~~() https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076 -~~	() https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076 - Vendor Advisory

07 Nov 2023, 03:35

Type	Values Removed	Values Added
References	~~(MISC) https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076 - Broken Link~~	() https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076 -

Information

Published : 2021-08-26 15:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-32076

Mitre link : CVE-2021-32076

CVE.ORG link : CVE-2021-32076

JSON object : View

Products Affected

solarwinds

web_help_desk

CWE

CWE-290

Authentication Bypass by Spoofing

{"id": "CVE-2021-32076", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "psirt@solarwinds.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2021-08-26T15:15:06.993", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/208278", "tags": ["Third Party Advisory", "VDB Entry"], "source": "nvd@nist.gov"}, {"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076", "tags": ["Vendor Advisory"], "source": "psirt@solarwinds.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-290"}]}, {"type": "Secondary", "source": "psirt@solarwinds.com", "description": [{"lang": "en", "value": "CWE-290"}]}], "descriptions": [{"lang": "en", "value": "Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback."}, {"lang": "es", "value": "En SolarWinds Web Help Desk versi\u00f3n 12.7.2, se ha detectado una Omisi\u00f3n de Restricciones de Acceso por medio de una suplantaci\u00f3n de referencias. Un atacante puede acceder a \"Web Help Desk Getting Started Wizard\", especialmente a la p\u00e1gina de creaci\u00f3n de la cuenta de administrador, desde un rango de red de direcciones IP sin privilegios o una direcci\u00f3n de loopback al interceptar la petici\u00f3n HTTP y cambiando el referrer de la direcci\u00f3n IP p\u00fablica al loopback"}], "lastModified": "2024-01-25T21:34:02.087", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BD320EC-D33D-401B-96BF-0AE79432DDB3", "versionEndIncluding": "12.7.2"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@solarwinds.com"}