CVE-2021-45917

critical

Description

The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch server-side request forgery (SSRF) attack on another agent computer, resulting in arbitrary code execution for controlling the system or disrupting service.

References

https://www.twcert.org.tw/tw/cp-132-5433-77f6f-1.html

Details

Source: Mitre, NVD

Published: 2022-01-03

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 7.7

Vector: CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9

Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00062

Detections

Analytics