Authenticated SSRF in Third Party Intelligence (CVE-2021-41385)

The Securonix Cloud third party intelligence connector in Securonix SNYPR Version 6.3.1 Build:184295_0302 allowed an authenticated user to access server configuration details.

At the time of this announcement, Securonix is not aware of any cases where this vulnerability has been actively exploited. In the interest of notifying our customers in a responsible manner, at the time of this posting the CVE identifier is referred to as CVE-2021-41385. Once an identifier has been assigned by a CVE Numbering Authority this notification will be updated. Securonix uses Common Vulnerability Scoring System version 3.1 (CVSS v3.1) to standardize the calculation of severity scores for each vulnerability.

Products, Versions and Components

  • Product Version: Securonix Cloud 6.3.x. This issue does not impact on-premises and private-cloud-hosted customers.

  • Ingestion of third party intelligence data (CVE-2021-41385).

Mitigation

  • Securonix upgraded the authentication architecture to block application server information disclosure attempts.

  • The issue has been mitigated in Securonix Cloud; no further action is needed by customers.

Vulnerability Summary and Rating

Authenticated SSRF in third party intelligence (CVE-2021-41385)

Securonix SNYPR Version 6.3.1 Build:184295_0302 and earlier are affected by a vulnerability that allows an authenticated attacker to perform an SSRF using the third party intelligence connector (CVE-2021-41385).

Credits: Securonix would like to thank Anis Kothia and Luis Guzman for reporting this issue.

CVSS Severity (Version 3.1)

  • CVSS Base Score: 2.0

  • CVSS Temporal Subscore: 1.8

  • CVSS Environmental Subscore: 1.2

  • Overall CVSS Score: 2.0

Document History

2021-Oct-26: Rev 2 - Added CVE number

2021-Sep-16: Rev 1 - Initial Release