CVE-2021-45917

SUN & MOON RISE CO., LTD. Shockwall - Improper Authentication

Severity Score

9.0
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch server-side request forgery (SSRF) attack on another agent computer, resulting in arbitrary code execution for controlling the system or disrupting service.

*Credits: N/A
CVSS Scores
Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Attack Vector: Adjacent
Attack Complexity: Low
Authentication: Single
Confidentiality: Complete
Integrity: Complete
Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-12-29 CVE Reserved
  • 2022-01-03 CVE Published
  • 2023-07-27 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
CAPEC
References (1)
URL Date SRC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Sun Moon Jingyao | Network Computer Terminal Protection System Firmware | < 7.20.0401 | - | Affected
in Sun Moon Jingyao | Network Computer Terminal Protection System | * | - | Safe