CVE-2021-45917

Description

The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch server-side request forgery (SSRF) attack on another agent computer, resulting in arbitrary code execution for controlling the system or disrupting service.

CVSS Version 3.1
CVSS Version 2.0

nvd
CVE ID: CVE-2021-45917
Base Score: 9.0
Base Severity: CRITICAL
Vector String:CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Impact Score: 6.0
Exploitability Score: 2.3

cert.org
CVE ID: CVE-2021-45917
Base Score: 8.0
Base Severity: HIGH
Vector String:CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.1

nvd
CVE ID: CVE-2021-45917
Base Score: 7.7
Base Severity: HIGH
Vector String:AV:A/AC:L/Au:S/C:C/I:C/A:C

Refrence: NVD MITRE

Description​

Description