CVE-2021-45917

{"id": "CVE-2021-45917", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.7, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}]}, "published": "2022-01-03T10:15:08.390", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-5433-77f6f-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-5433-77f6f-1.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch server-side request forgery (SSRF) attack on another agent computer, resulting in arbitrary code execution for controlling the system or disrupting service."}, {"lang": "es", "value": "La funci\u00f3n server-request receiver de Shockwall system presenta una vulnerabilidad de autenticaci\u00f3n inapropiada. Un atacante autenticado de un ordenador agente dentro de la red de \u00e1rea local puede usar la informaci\u00f3n del registro local para lanzar un ataque de tipo server-side request forgery (SSRF) en otro ordenador agente, resultando en la ejecuci\u00f3n de c\u00f3digo arbitrario para controlar el sistema o interrumpir el servicio"}], "lastModified": "2024-11-21T06:33:16.283", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sun_moon_jingyao:network_computer_terminal_protection_system_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4C5A07A-4EC0-4C55-AA34-8456B6390AEC", "versionEndExcluding": "7.20.0401"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sun_moon_jingyao:network_computer_terminal_protection_system:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B270A307-73C6-4189-B8E9-001D6B317BDD"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "twcert@cert.org.tw"}