CVE-2021-32706

Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the `validDomainWildcard` preg_match filter allows a malicious character through that can be used to execute code, list directories, and overwrite sensitive files. The issue lies in the fact that one of the periods is not escaped, allowing any character to be used in its place. A patch for this vulnerability was released in version 5.5.1.

CVSS v3 8.8 HIGH
CVSS v2.0 6.5 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/pi-hole/AdminLTE/releases/tag/v5.5.1	Release Notes Third Party Advisory
https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-5cm9-6p3m-v259	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:pi-hole:pi-hole:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-08-04 18:15

Updated : 2022-04-25 19:55

NVD link : CVE-2021-32706

Mitre link : CVE-2021-32706

CVE.ORG link : CVE-2021-32706

JSON object : View

Products Affected

pi-hole

pi-hole

CWE

NVD-CWE-Other CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2021-32706", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 2.8}]}, "published": "2021-08-04T18:15:09.447", "references": [{"url": "https://github.com/pi-hole/AdminLTE/releases/tag/v5.5.1", "tags": ["Release Notes", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-5cm9-6p3m-v259", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the `validDomainWildcard` preg_match filter allows a malicious character through that can be used to execute code, list directories, and overwrite sensitive files. The issue lies in the fact that one of the periods is not escaped, allowing any character to be used in its place. A patch for this vulnerability was released in version 5.5.1."}, {"lang": "es", "value": "La interfaz web de Pi-hole proporciona una ubicaci\u00f3n central para administrar una instancia de Pi-hole y revisar las estad\u00edsticas de rendimiento. Anterior a versi\u00f3n 5.5.1 de la interfaz web de Pi-hole, el filtro \"validDomainWildcard\" preg_match permite el paso de un car\u00e1cter malicioso que puede ser usado para ejecutar c\u00f3digo, listar directorios y sobrescribir archivos confidenciales. El problema radica en que uno de los puntos no se escapa, permitiendo usar cualquier car\u00e1cter en su lugar. En versi\u00f3n 5.5.1 se public\u00f3 un parche para esta vulnerabilidad"}], "lastModified": "2022-04-25T19:55:34.857", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pi-hole:pi-hole:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D796EB7A-F490-48CC-AA78-4C908CB3D3D7", "versionEndExcluding": "5.5.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}