Vulnerability Details: CVE-2021-42237
Public exploit exists!
Used for ransomware!
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
Products affected by CVE-2021-42237
- cpe:2.3:a:sitecore:experience_platform:7.5:-:*:*:*:*:*:*
- cpe:2.3:a:sitecore:experience_platform:7.5:update1:*:*:*:*:*:*
- cpe:2.3:a:sitecore:experience_platform:7.5:update2:*:*:*:*:*:*
- cpe:2.3:a:sitecore:experience_platform:8.0:-:*:*:*:*:*:*
- cpe:2.3:a:sitecore:experience_platform:8.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:sitecore:experience_platform:8.0:update1:*:*:*:*:*:*
- cpe:2.3:a:sitecore:experience_platform:8.0:update2:*:*:*:*:*:*
- cpe:2.3:a:sitecore:experience_platform:8.0:update3:*:*:*:*:*:*
- cpe:2.3:a:sitecore:experience_platform:8.0:update4:*:*:*:*:*:*
- cpe:2.3:a:sitecore:experience_platform:8.0:update5:*:*:*:*:*:*
- cpe:2.3:a:sitecore:experience_platform:8.0:update6:*:*:*:*:*:*
- cpe:2.3:a:sitecore:experience_platform:8.0:update7:*:*:*:*:*:*
- cpe:2.3:a:sitecore:experience_platform:8.1:-:*:*:*:*:*:*
- cpe:2.3:a:sitecore:experience_platform:8.1:update1:*:*:*:*:*:*
- cpe:2.3:a:sitecore:experience_platform:8.1:update2:*:*:*:*:*:*
- cpe:2.3:a:sitecore:experience_platform:8.1:update3:*:*:*:*:*:*
- cpe:2.3:a:sitecore:experience_platform:8.2:-:*:*:*:*:*:*
- cpe:2.3:a:sitecore:experience_platform:8.2:update1:*:*:*:*:*:*
- cpe:2.3:a:sitecore:experience_platform:8.2:update2:*:*:*:*:*:*
- cpe:2.3:a:sitecore:experience_platform:8.2:update3:*:*:*:*:*:*
- cpe:2.3:a:sitecore:experience_platform:8.2:update4:*:*:*:*:*:*
- cpe:2.3:a:sitecore:experience_platform:8.2:update5:*:*:*:*:*:*
- cpe:2.3:a:sitecore:experience_platform:8.2:update6:*:*:*:*:*:*
- cpe:2.3:a:sitecore:experience_platform:8.2:update7:*:*:*:*:*:*
CVE-2021-42237 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name: Sitecore XP Remote Command Execution Vulnerability
CISA required action: Apply updates per vendor instructions.
CISA description: Sitecore XP contains an insecure deserialization vulnerability which can allow for remote code execution.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-42237
Added on: 2022-03-25
Action due date: 2022-04-15
Exploit prediction scoring system (EPSS) score for CVE-2021-42237
- 97.53%: Probability of exploitation activity in the next 30 days
- ~100%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2021-42237
- Sitecore Experience Platform (XP) PreAuth Deserialization RCE
  Disclosure Date: 2021-11-02
  First seen: 2022-12-23
  exploit/windows/http/sitecore_xp_cve_2021_42237
  This module exploits a deserialization vulnerability in the Report.ashx page of Sitecore XP 7.5 to 7.5.2, 8.0 to 8.0.7, 8.1 to 8.1.3, and 8.2 to 8.2.7. Versions 7.2.6 and earlier and 9.0 and later are not affected. The vulnerability occurs due to Report.ashx
CVSS scores for CVE-2021-42237
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2021-42237
- The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-42237
- http://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-Remote-Code-Execution.html
  Sitecore Experience Platform (XP) Remote Code Execution ≈ Packet Storm (Third Party Advisory; VDB Entry)
- https://blog.assetnote.io/2021/11/02/sitecore-rce/
  Sitecore Experience Platform Pre-Auth RCE - CVE-2021-42237 – Assetnote (Exploit; Third Party Advisory)
- http://sitecore.com
  Digital Experience Platform and Content Hub for Digital Transformation | Sitecore (Vendor Advisory)
- https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1000776
  Security Bulletins - Security Bulletin SC2021-003-499266 (Vendor Advisory)