Vulnerability Details : CVE-2021-35235
The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely monitor and control the execution of an application. If an attacker could successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure that may be valuable in targeting SWI with malicious intent.
Products affected by CVE-2021-35235
- cpe:2.3:a:solarwinds:kiwi_syslog_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-35235
- EPSS score: 2.39% (probability of exploitation activity in the next 30 days)
- Percentile: ~84% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2021-35235
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | NIST | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | SolarWinds | |
CWE ids for CVE-2021-35235
- Debugging messages help attackers learn about the system and plan a form of attack. Assigned by: psirt@solarwinds.com (Secondary)
References for CVE-2021-35235
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35235
  SolarWinds Trust Center Security Advisories | CVE-2021-35235 (Release Notes; Vendor Advisory)
- https://documentation.solarwinds.com/en/success_center/kss/content/release_notes/kss_9-8_release_notes.htm
  KSS 9.8 Release Notes (Release Notes; Vendor Advisory)