Vulnerability Name:

CVE-2021-38294 (CCN-211839)

Assigned:2021-10-21
Published:2021-10-21
Updated:2022-10-18
Summary:A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
9.1 Critical (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
9.1 Critical (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-78
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2021-38294

Source: MISC
Type: Exploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/165019/Apache-Storm-Nimbus-2.2.0-Command-Execution.html

Source: XF
Type: UNKNOWN
apache-cve202138294-code-exec(211839)

Source: MISC
Type: Mailing List, Vendor Advisory
https://lists.apache.org/thread.html/r5fe881f6ca883908b7a0f005d35115af49f43beea7a8b0915e377859%40%3Cuser.storm.apache.org%3E

Source: CCN
Type: Packet Storm Security [11-19-2021]
Apache Storm Nimbus 2.2.0 Command Execution

Source: CCN
Type: oss-sec Mailing List, Thu, 21 Oct 2021 03:02:08 +0000
CVE-2021-38294: Apache Storm: Shell Command Injection Vulnerability in Nimbus Thrift Server

Source: MISC
Type: Mailing List, Third Party Advisory
https://seclists.org/oss-sec/2021/q4/44

Source: CCN
Type: Apache Web site
Apache Storm

Source: CCN
Type: IBM Security Bulletin 6572281 (Tivoli Network Manager)
Due to use of Apache Storm IBM Tivoli Network Manager is vulnerable to arbiraty code execution ( CVE-2021-38294, CVE-2021-40865 )

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [10-25-2021]
Apache Storm Nimbus getTopologyHistory Unauthenticated Command Execution

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-38294

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:storm:*:*:*:*:*:*:*:* (Version >= 2.1.0 and < 2.1.1)
  • OR cpe:/a:apache:storm:*:*:*:*:*:*:*:* (Version >= 2.2.0 and < 2.2.1)
  • OR cpe:/a:apache:storm:*:*:*:*:*:*:*:* (Version >= 1.0.0 and < 1.2.4)

Configuration CCN 1:
  • cpe:/a:apache:storm:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:storm:2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:storm:2.2.0:*:*:*:*:*:*:*
