CVE-2021-47703 — HIGH (7.2)

Vulnerability Description

OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Openbmcs	Openbmcs	2.4

Related Weaknesses (CWE)

CWE-918

References

https://www.exploit-db.com/exploits/50670ExploitThird Party AdvisoryVDB Entry
https://www.openbmcs.comProduct
https://www.vulncheck.com/advisories/openbmcs-server-side-request-forgery-ssrf-vThird Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5694.phpExploitThird Party Advisory

FAQ

What is CVE-2021-47703?

CVE-2021-47703 is a vulnerability with a CVSS score of 7.2 (HIGH). OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected applicat...

How severe is CVE-2021-47703?

CVE-2021-47703 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-47703?

Check the references section above for vendor advisories and patch information. Affected products include: Openbmcs Openbmcs.