Vulnerability Description
The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch server-side request forgery (SSRF) attack on another agent computer, resulting in arbitrary code execution for controlling the system or disrupting service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun Moon Jingyao | Network Computer Terminal Protection System Firmware | < 7.20.0401 |
| Sun Moon Jingyao | Network Computer Terminal Protection System | All versions |
Related Weaknesses (CWE)
References
- https://www.twcert.org.tw/tw/cp-132-5433-77f6f-1.htmlThird Party Advisory
- https://www.twcert.org.tw/tw/cp-132-5433-77f6f-1.htmlThird Party Advisory
FAQ
What is CVE-2021-45917?
CVE-2021-45917 is a vulnerability with a CVSS score of 8.0 (HIGH). The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local re...
How severe is CVE-2021-45917?
CVE-2021-45917 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-45917?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Moon Jingyao Network Computer Terminal Protection System Firmware, Sun Moon Jingyao Network Computer Terminal Protection System.