CVE-2021-35235
CVE-2021-35235 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. EPSS estimates a 1.23% chance of exploitation in the next 30 days.
Description
The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely monitor and control the execution of an application. If an attacker could successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure that may be valuable in targeting SWI with malicious intent.
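A defensive check for the setting described above, as an added example that is not code from the vendor or from this page. It assumes the standard ASP.NET mechanism, the `debug` attribute on `<compilation>` in `web.config`; the sample configuration is constructed, and the page does not say where Kiwi Syslog Server keeps its `web.config`.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config (not taken from Kiwi Syslog Server).
SAMPLE_DEBUG_ON = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="True" targetFramework="4.8" />
  </system.web>
  <location path="reports">
    <system.web>
      <compilation debug="false" />
    </system.web>
  </location>
</configuration>"""

# Corrected form of the same file: debug compilation switched off.
SAMPLE_HARDENED = SAMPLE_DEBUG_ON.replace('debug="True"', 'debug="false"')


def find_debug_compilation(config_xml):
    """Return the scope of every <compilation> element with debug enabled.

    Scope is "(root)" for the site-wide <system.web> section, or the path
    attribute of the enclosing <location> element.
    """
    root = ET.fromstring(config_xml)
    findings = []
    # Site-wide section first, then per-path overrides in <location>.
    scopes = [("(root)", root)]
    scopes += [(loc.get("path", ""), loc) for loc in root.findall("location")]
    for scope, node in scopes:
        for comp in node.findall("system.web/compilation"):
            # Compared case-insensitively so a value such as "True" is not
            # missed (a conservative choice made for this example).
            if comp.get("debug", "false").strip().lower() == "true":
                findings.append(scope)
    return findings


if __name__ == "__main__":
    samples = (("debug-on", SAMPLE_DEBUG_ON), ("hardened", SAMPLE_HARDENED))
    for name, xml_text in samples:
        print(name, find_debug_compilation(xml_text) or "no debug compilation")
```
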
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Solarwinds | Kiwi Syslog Server | <= 9.7.2 |
References
- https://documentation.solarwinds.com/en/success_center/kss/content/release_notes/kss_9-8_release_notes.htm (Release Notes, Vendor Advisory)
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35235 (Release Notes, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
