CVE-2021-45916 - Vulnerability Details - OpenCVE

Description

The programming function of Shockwall system has an improper input validation vulnerability. An authenticated attacker within the local area network can send malicious response to the server to disrupt the service partially.

Published: 2022-01-03

Score: 3.5 Low

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

SUN & MOON RISE CO., LTD.

Shockwall

affected

Version	Status	Constraints
`unspecified`	affected	< 7.20.0401

Configuration 1 [-]

cpe:2.3:a:smr:shenwang_endpoint_protection_security_system:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

Vendor Solution

Contact tech support from SUN & MOON RISE CO., LTD.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2021-32631	The programming function of Shockwall system has an improper input validation vulnerability. An authenticated attacker within the local area network can send malicious response to the server to disrupt the service partially.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00099.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.twcert.org.tw/tw/cp-132-5432-b9074-1.html

History

No history.

Subscriptions

Smr Shenwang Endpoint Protection Security System

MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2022-01-03T10:10:20.373Z

Updated: 2024-09-16T16:38:51.598Z

Reserved: 2021-12-29T00:00:00.000Z

Link: CVE-2021-45916

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-01-03T10:15:08.327

Modified: 2024-11-21T06:33:16.160

Link: CVE-2021-45916

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-20

{"containers": {"cna": {"affected": [{"product": "Shockwall", "vendor": "SUN & MOON RISE CO., LTD.", "versions": [{"lessThan": "7.20.0401", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-12-30T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The programming function of Shockwall system has an improper input validation vulnerability. An authenticated attacker within the local area network can send malicious response to the server to disrupt the service partially."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-03T10:10:20.000Z", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.twcert.org.tw/tw/cp-132-5432-b9074-1.html"}], "solutions": [{"lang": "en", "value": "Contact tech support from SUN & MOON RISE CO., LTD."}], "source": {"advisory": "TVN-202109020", "discovery": "EXTERNAL"}, "title": "SUN & MOON RISE CO., LTD. Shockwall - Improper Input Validation", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2021-12-30T08:40:00.000Z", "ID": "CVE-2021-45916", "STATE": "PUBLIC", "TITLE": "SUN & MOON RISE CO., LTD. Shockwall - Improper Input Validation"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Shockwall", "version": {"version_data": [{"version_affected": "<", "version_value": "7.20.0401"}]}}]}, "vendor_name": "SUN & MOON RISE CO., LTD."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The programming function of Shockwall system has an improper input validation vulnerability. An authenticated attacker within the local area network can send malicious response to the server to disrupt the service partially."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://www.twcert.org.tw/tw/cp-132-5432-b9074-1.html", "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-5432-b9074-1.html"}]}, "solution": [{"lang": "en", "value": "Contact tech support from SUN & MOON RISE CO., LTD."}], "source": {"advisory": "TVN-202109020", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:54:30.919Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.twcert.org.tw/tw/cp-132-5432-b9074-1.html"}]}]}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2021-45916", "datePublished": "2022-01-03T10:10:20.373Z", "dateReserved": "2021-12-29T00:00:00.000Z", "dateUpdated": "2024-09-16T16:38:51.598Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:smr:shenwang_endpoint_protection_security_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E7779B7-5127-44AC-AAAC-E0449236439B", "versionEndExcluding": "7.20.0401", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The programming function of Shockwall system has an improper input validation vulnerability. An authenticated attacker within the local area network can send malicious response to the server to disrupt the service partially."}, {"lang": "es", "value": "La funci\u00f3n programming de Shockwall system presenta una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada. Un atacante autenticado dentro de la red de \u00e1rea local puede enviar una respuesta maliciosa al servidor para interrumpir el servicio parcialmente"}], "id": "CVE-2021-45916", "lastModified": "2024-11-21T06:33:16.160", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 2.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "twcert@cert.org.tw", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-03T10:15:08.327", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-5432-b9074-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-5432-b9074-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "twcert@cert.org.tw", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}