CVE-2021-44548

An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows.

CVSS v3 9.8 CRITICAL
CVSS v2.0 6.8 MEDIUM

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://security.netapp.com/advisory/ntap-20220114-0005/	Third Party Advisory
https://solr.apache.org/security.html#cve-2021-44548-apache-solr-information-disclosure-vulnerability-through-dataimporthandler	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-12-23 09:15

Updated : 2024-02-28 18:48

NVD link : CVE-2021-44548

Mitre link : CVE-2021-44548

CVE.ORG link : CVE-2021-44548

JSON object : View

Products Affected

microsoft

windows

apache

solr

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-20

Improper Input Validation

CWE-40

Path Traversal: '\\UNC\share\name\' (Windows UNC Share)

{"id": "CVE-2021-44548", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-12-23T09:15:06.693", "references": [{"url": "https://security.netapp.com/advisory/ntap-20220114-0005/", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://solr.apache.org/security.html#cve-2021-44548-apache-solr-information-disclosure-vulnerability-through-dataimporthandler", "tags": ["Vendor Advisory"], "source": "security@apache.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-40"}]}], "descriptions": [{"lang": "en", "value": "An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows."}, {"lang": "es", "value": "Una vulnerabilidad de Comprobaci\u00f3n de Entrada Inapropiada en DataImportHandler de Apache Solr permite a un atacante proporcionar una ruta UNC de Windows que resulta en una llamada de red SMB que es hecha desde el host Solr a otro host en la red. Si el atacante presenta un acceso m\u00e1s amplio a la red, esto puede conllevar a ataques SMB, que pueden resultar en: * La exfiltraci\u00f3n de datos confidenciales como los hashes de usuario del Sistema Operativo (hashes NTLM/LM), * En caso de sistemas configurados inapropiadamente, ataques de retransmisi\u00f3n SMB que pueden conllevar a una suplantaci\u00f3n de usuarios en recursos compartidos SMB o, en el peor de los casos, una ejecuci\u00f3n de c\u00f3digo remota. Este problema afecta a todas las versiones de Apache Solr anteriores a 8.11.1. Este problema s\u00f3lo afecta a Windows"}], "lastModified": "2022-08-09T13:28:40.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABDB705B-5A94-4FF9-B292-0977F7CE5255", "versionEndExcluding": "8.11.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@apache.org"}