CVE-2021-40843

Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of that data. When chained with a SQL injection vulnerability, the vulnerability could be exploited remotely if Web Console users click a series of maliciously crafted URLs. All versions prior to 7.11.2 are affected.

CVSS v3 7.3 HIGH
CVSS v2.0 6.9 MEDIUM

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.proofpoint.com/us/security/security-advisories	Vendor Advisory
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0009	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:proofpoint:insider_threat_management_server:*:*:*:*:*:*:*:*

History

19 Oct 2021, 20:37

Type	Values Removed	Values Added
References	~~(MISC) https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0009 -~~	(MISC) https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0009 - Vendor Advisory
References	~~(MISC) https://www.proofpoint.com/us/security/security-advisories -~~	(MISC) https://www.proofpoint.com/us/security/security-advisories - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.9 v3 : 7.3
CPE		cpe:2.3:a:proofpoint:insider_threat_management_server::::::::
CWE		CWE-502

13 Oct 2021, 19:57

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-10-13 18:15

Updated : 2023-12-10 14:09

NVD link : CVE-2021-40843

Mitre link : CVE-2021-40843

CVE.ORG link : CVE-2021-40843

JSON object : View

Products Affected

proofpoint

insider_threat_management_server

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2021-40843", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}]}, "published": "2021-10-13T18:15:08.053", "references": [{"url": "https://www.proofpoint.com/us/security/security-advisories", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0009", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of that data. When chained with a SQL injection vulnerability, the vulnerability could be exploited remotely if Web Console users click a series of maliciously crafted URLs. All versions prior to 7.11.2 are affected."}, {"lang": "es", "value": "Proofpoint Insider Threat Management Server contiene una vulnerabilidad de deserializaci\u00f3n no segura en la consola web. Un atacante con acceso de escritura a la base de datos local podr\u00eda causar la ejecuci\u00f3n de c\u00f3digo arbitrario con privilegios SYSTEM en el servidor subyacente cuando un usuario de la Consola Web desencadena la recuperaci\u00f3n de esos datos. Cuando se encadena con una vulnerabilidad de inyecci\u00f3n SQL, la vulnerabilidad podr\u00eda ser explotada remotamente si usuarios de la Consola Web hacen clic en una serie de URLs maliciosamente dise\u00f1adas. Todas las versiones anteriores a 7.11.2 est\u00e1n afectadas"}], "lastModified": "2021-10-19T20:37:44.640", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:proofpoint:insider_threat_management_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C084FE53-559E-4813-80AD-EB212C05CACE", "versionEndExcluding": "7.11.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}