CVE-2021-33318
Last modified
CVE-2021-33318 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets.. EPSS estimates a 1.92% chance of exploitation in the next 30 days.
Description
An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ipmatcher Project | Ipmatcher | <= 1.0.4.1 |
| Watsonwebserver Project | Watsonwebserver | <= 4.1.3 |
References
- https://github.com/jchristn/IpMatcherThird Party Advisory
- https://github.com/jchristn/IpMatcher/commit/81d77c2f33aa912dbd032b34b9e184fc6e041d89Patch, Third Party Advisory
- https://github.com/jchristn/WatsonWebserverThird Party Advisory
- https://github.com/kaoudis/advisories/blob/main/0-2021.mdExploit, Third Party Advisory
- https://github.com/jchristn/IpMatcherThird Party Advisory
- https://github.com/jchristn/IpMatcher/commit/81d77c2f33aa912dbd032b34b9e184fc6e041d89Patch, Third Party Advisory
- https://github.com/jchristn/WatsonWebserverThird Party Advisory
- https://github.com/kaoudis/advisories/blob/main/0-2021.mdExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-33318?
How severe is CVE-2021-33318?
How do I fix CVE-2021-33318?
Are you affected by CVE-2021-33318?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST