Vulnerability Details : CVE-2021-21307
Public exploit exists!
Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a workaround, one can block access to the Lucee Administrator.
Exploit prediction scoring system (EPSS) score for CVE-2021-21307
Probability of exploitation activity in the next 30 days: 97.31%
Percentile (the proportion of vulnerabilities scored at or below this score): ~100%
Metasploit modules for CVE-2021-21307
- Lucee Administrator imgProcess.cfm Arbitrary File Write
  Disclosure Date: 2021-01-15
  First seen: 2022-12-23
  Module: exploit/linux/http/lucee_admin_imgprocess_file_write
  This module exploits an arbitrary file write in Lucee Administrator's imgProcess.cfm file to execute commands as the Tomcat user.
  Authors: rootxharsh, iamnoooob, wvu <wvu@metasploit.com>
CVSS scores for CVE-2021-21307
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST |
8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N | 3.9 | 4.0 | GitHub, Inc. |
CWE ids for CVE-2021-21307
- The product does not perform an authorization check when an actor attempts to access a resource or perform an action. (Assigned by: security-advisories@github.com, Primary)
References for CVE-2021-21307
- https://github.com/httpvoid/writeups/blob/main/Apple-RCE.md (writeups/Apple-RCE.md at main · httpvoid/writeups · GitHub) [Exploit; Third Party Advisory]
- https://portswigger.net/daily-swig/security-researchers-earn-50k-after-exposing-critical-flaw-in-apple-travel-portal (Security researchers earn $50k after exposing critical flaw in Apple travel portal | The Daily Swig) [Press/Media Coverage; Third Party Advisory]
- http://packetstormsecurity.com/files/163864/Lucee-Administrator-imgProcess.cfm-Arbitrary-File-Write.html (Lucee Administrator imgProcess.cfm Arbitrary File Write ≈ Packet Storm) [Exploit; Third Party Advisory; VDB Entry]
- http://ciacfug.org/blog/updating-lucee-as-part-of-a-vulnerability-alert-response (Updating Lucee as Part of a Vulnerability Alert Response - Painless as Promised, or ???) [Patch; Third Party Advisory]
- https://github.com/lucee/Lucee/commit/6208ab7c44c61d26c79e0b0af10382899f57e1ca (fixes LDEV-3119 · lucee/Lucee@6208ab7 · GitHub) [Patch; Third Party Advisory]
- https://dev.lucee.org/t/lucee-vulnerability-alert-november-2020/7643 (Lucee Vulnerability Alert - November 2020, CVE-2021-21307 - news / blog - Lucee Dev) [Vendor Advisory]
- https://github.com/lucee/Lucee/security/advisories/GHSA-2xvv-723c-8p7r (Remote Code Exploit in Lucee Admin · Advisory · lucee/Lucee · GitHub) [Product]
Products affected by CVE-2021-21307
- cpe:2.3:a:lucee:lucee_server:*:*:*:*:*:*:*:*