CVE-2021-32076 - OpenCVE

Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Solarwinds	Web Help Desk

Configuration 1 [-]

cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/208278	Third Party Advisory VDB Entry
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: SolarWinds

Published: 2021-08-20T00:00:00

Updated: 2021-09-02T13:28:36

Reserved: 2021-05-06T00:00:00

Link: CVE-2021-32076

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-08-26T15:15:06.993

Modified: 2024-01-25T21:34:02.087

Link: CVE-2021-32076

JSON object: View

Redhat Information

No data.

CWE

CWE-290

{"containers": {"cna": {"affected": [{"product": "Web Help Desk", "vendor": "SolarWinds", "versions": [{"lessThanOrEqual": "12.7.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "SolarWinds would like to thank Moaaz Taha for reporting on the issue in a responsible manner."}], "datePublic": "2021-08-20T00:00:00", "descriptions": [{"lang": "en", "value": "Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-290", "description": "CWE-290 Authentication Bypass by Spoofing", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-02T13:28:36", "orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076"}], "solutions": [{"lang": "en", "value": "SolarWinds has released version 12.7.6 and it is suggested to upgrade as soon as possible."}], "source": {"defect": ["CVE-2021-32076"], "discovery": "UNKNOWN"}, "title": "Access Restriction bypass vulnerability via referrer spoof - Business Logic Bypass", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@solarwinds.com", "DATE_PUBLIC": "2021-08-20T14:12:00.000Z", "ID": "CVE-2021-32076", "STATE": "PUBLIC", "TITLE": "Access Restriction bypass vulnerability via referrer spoof - Business Logic Bypass"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Web Help Desk", "version": {"version_data": [{"version_affected": "<=", "version_value": "12.7.5"}]}}]}, "vendor_name": "SolarWinds"}]}}, "credit": [{"lang": "eng", "value": "SolarWinds would like to thank Moaaz Taha for reporting on the issue in a responsible manner."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-290 Authentication Bypass by Spoofing"}]}]}, "references": {"reference_data": [{"name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076", "refsource": "MISC", "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076"}]}, "solution": [{"lang": "en", "value": "SolarWinds has released version 12.7.6 and it is suggested to upgrade as soon as possible."}], "source": {"defect": ["CVE-2021-32076"], "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "assignerShortName": "SolarWinds", "cveId": "CVE-2021-32076", "datePublished": "2021-08-20T00:00:00", "dateReserved": "2021-05-06T00:00:00", "dateUpdated": "2021-09-02T13:28:36", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BD320EC-D33D-401B-96BF-0AE79432DDB3", "versionEndIncluding": "12.7.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback."}, {"lang": "es", "value": "En SolarWinds Web Help Desk versi\u00f3n 12.7.2, se ha detectado una Omisi\u00f3n de Restricciones de Acceso por medio de una suplantaci\u00f3n de referencias. Un atacante puede acceder a \"Web Help Desk Getting Started Wizard\", especialmente a la p\u00e1gina de creaci\u00f3n de la cuenta de administrador, desde un rango de red de direcciones IP sin privilegios o una direcci\u00f3n de loopback al interceptar la petici\u00f3n HTTP y cambiando el referrer de la direcci\u00f3n IP p\u00fablica al loopback"}], "id": "CVE-2021-32076", "lastModified": "2024-01-25T21:34:02.087", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@solarwinds.com", "type": "Secondary"}]}, "published": "2021-08-26T15:15:06.993", "references": [{"source": "nvd@nist.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/208278"}, {"source": "psirt@solarwinds.com", "tags": ["Vendor Advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076"}], "sourceIdentifier": "psirt@solarwinds.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-290"}], "source": "psirt@solarwinds.com", "type": "Secondary"}]}