CVE-2021-32076 - OpenCVE

Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Solarwinds	Web Help Desk

Configuration 1 [-]

cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/208278
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076

History

No history.

MITRE

Status: PUBLISHED

Assigner: SolarWinds

Published: 2021-08-26T14:53:25.774505Z

Updated: 2024-09-17T01:00:44.305Z

Reserved: 2021-05-06T00:00:00

Link: CVE-2021-32076

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-08-26T15:15:06.993

Modified: 2024-01-25T21:34:02.087

Link: CVE-2021-32076

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Web Help Desk", "vendor": "SolarWinds", "versions": [{"lessThanOrEqual": "12.7.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "SolarWinds would like to thank Moaaz Taha for reporting on the issue in a responsible manner."}], "datePublic": "2021-08-20T00:00:00", "descriptions": [{"lang": "en", "value": "Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-290", "description": "CWE-290 Authentication Bypass by Spoofing", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-02T13:28:36", "orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076"}], "solutions": [{"lang": "en", "value": "SolarWinds has released version 12.7.6 and it is suggested to upgrade as soon as possible."}], "source": {"defect": ["CVE-2021-32076"], "discovery": "UNKNOWN"}, "title": "Access Restriction bypass vulnerability via referrer spoof - Business Logic Bypass", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@solarwinds.com", "DATE_PUBLIC": "2021-08-20T14:12:00.000Z", "ID": "CVE-2021-32076", "STATE": "PUBLIC", "TITLE": "Access Restriction bypass vulnerability via referrer spoof - Business Logic Bypass"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Web Help Desk", "version": {"version_data": [{"version_affected": "<=", "version_value": "12.7.5"}]}}]}, "vendor_name": "SolarWinds"}]}}, "credit": [{"lang": "eng", "value": "SolarWinds would like to thank Moaaz Taha for reporting on the issue in a responsible manner."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-290 Authentication Bypass by Spoofing"}]}]}, "references": {"reference_data": [{"name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076", "refsource": "MISC", "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076"}]}, "solution": [{"lang": "en", "value": "SolarWinds has released version 12.7.6 and it is suggested to upgrade as soon as possible."}], "source": {"defect": ["CVE-2021-32076"], "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:17:29.330Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076"}]}]}, "cveMetadata": {"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "assignerShortName": "SolarWinds", "cveId": "CVE-2021-32076", "datePublished": "2021-08-26T14:53:25.774505Z", "dateReserved": "2021-05-06T00:00:00", "dateUpdated": "2024-09-17T01:00:44.305Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BD320EC-D33D-401B-96BF-0AE79432DDB3", "versionEndIncluding": "12.7.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback."}, {"lang": "es", "value": "En SolarWinds Web Help Desk versi\u00f3n 12.7.2, se ha detectado una Omisi\u00f3n de Restricciones de Acceso por medio de una suplantaci\u00f3n de referencias. Un atacante puede acceder a \"Web Help Desk Getting Started Wizard\", especialmente a la p\u00e1gina de creaci\u00f3n de la cuenta de administrador, desde un rango de red de direcciones IP sin privilegios o una direcci\u00f3n de loopback al interceptar la petici\u00f3n HTTP y cambiando el referrer de la direcci\u00f3n IP p\u00fablica al loopback"}], "id": "CVE-2021-32076", "lastModified": "2024-01-25T21:34:02.087", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@solarwinds.com", "type": "Secondary"}]}, "published": "2021-08-26T15:15:06.993", "references": [{"source": "nvd@nist.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/208278"}, {"source": "psirt@solarwinds.com", "tags": ["Vendor Advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076"}], "sourceIdentifier": "psirt@solarwinds.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-290"}], "source": "psirt@solarwinds.com", "type": "Secondary"}]}