CVE-2021-40186
CVE-2021-40186 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. It is a Server-Side Request Forgery (SSRF) vulnerability in the DNN CMS platform, formerly known as DotNetNuke, identified by the AppCheck research team. EPSS estimates a 1.05% chance of exploitation in the next 30 days.
Description
The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities let an attacker cause the target system to make network requests on the attacker's behalf, which enables a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and to access sensitive information from cloud provider metadata services.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dnnsoftware | Dotnetnuke | <= 9.10.2 |
References
- https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186 (Exploit, Third Party Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
