Vulnerability CVE-2021-32076


Published: 2021-08-26

Description:
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.

Type: CWE-863 (Incorrect Authorization)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software: SolarWinds -> Web Help Desk

References:
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-32076
https://exchange.xforce.ibmcloud.com/vulnerabilities/208278

Copyright 2022, cxsecurity.com

 
