CVE-2020-35558

7.5 HIGH

📋 TL;DR

This vulnerability is a Server-Side Request Forgery (SSRF) in the MySQL access check of MB connect line products, allowing attackers to scan internal network ports and potentially gather credential information. It affects mymbCONNECT24, mbCONNECT24, Helmholz myREX24, and myREX24.virtual installations. Attackers can exploit this to map internal networks and discover sensitive information.

💻 Affected Systems

Products:
  • mymbCONNECT24
  • mbCONNECT24
  • Helmholz myREX24
  • myREX24.virtual
Versions: through 2.11.2
Operating Systems: Not OS-specific - affects the application itself
Default Config Vulnerable: ⚠️ Yes
Notes: All installations up to version 2.11.2 are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could map internal networks, discover credentials for other services, and potentially pivot to compromise additional systems.

🟠 Likely Case

Internal network reconnaissance leading to discovery of other vulnerable services and credential harvesting.

🟢 If Mitigated

Limited to port scanning and information gathering without direct system compromise.

🌐 Internet-Facing: HIGH - These products are typically internet-facing remote access solutions.
🏢 Internal Only: MEDIUM - Could be exploited from internal networks if accessible.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SSRF vulnerabilities are commonly exploited and tools exist for automated exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 2.11.2

Vendor Advisory: https://mbconnectline.com/security-advice/

Restart Required: Yes

Instructions:

1. Check the current version.
2. Update to the latest version from the vendor.
3. Restart services.
4. Verify the update completed successfully.

🔧 Temporary Workarounds

Network Segmentation (all)

Restrict network access to vulnerable systems and limit outbound connections.

Firewall Rules (all)

Block outbound connections from affected systems to internal networks.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected systems
  • Deploy web application firewall with SSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check the application version in the admin interface; if the version is 2.11.2 or earlier, the system is vulnerable.

Check Version:

Check via web admin interface or consult vendor documentation

Verify Fix Applied:

Verify that the version is later than 2.11.2 and test that the SSRF behaviour is blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound connection attempts from application server
  • Multiple connection attempts to internal IP ranges

Network Indicators:

  • Outbound connections from application server to unexpected internal services
  • Port scanning patterns originating from application server

SIEM Query:

source_ip=application_server AND (dest_port=3306 OR dest_port=1433 OR dest_port=5432) AND action=connection_attempt
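The SIEM query above and the network indicators (fan-out to many internal hosts) can be checked offline against an exported connection log. The following is an added example, not part of this advisory or the vendor's tooling; the application server address, the expected backend database, the log format and the sample lines are all constructed assumptions.

```python
import ipaddress

# Constructed sample connection log (not real traffic). Fields:
# timestamp src_ip dst_ip dst_port action
SAMPLE_LOG = """\
2024-03-01T09:00:01Z 10.0.5.20 10.0.2.5 3306 connection_attempt
2024-03-01T09:00:02Z 10.0.5.20 203.0.113.9 443 connection_attempt
2024-03-01T09:00:03Z 10.0.5.99 10.0.1.10 3306 connection_attempt
2024-03-01T09:00:04Z 10.0.5.20 10.0.1.10 3306 connection_attempt
2024-03-01T09:00:05Z 10.0.5.20 10.0.1.11 3306 connection_attempt
2024-03-01T09:00:06Z 10.0.5.20 10.0.1.12 1433 connection_attempt
2024-03-01T09:00:07Z 10.0.5.20 10.0.1.13 5432 connection_attempt
2024-03-01T09:00:08Z 10.0.5.20 10.0.1.14 22 connection_attempt
2024-03-01T09:00:09Z 10.0.5.20 10.0.1.10 3306 connection_attempt
"""

APP_SERVER = "10.0.5.20"              # assumed address of the remote-access appliance
DB_PORTS = {3306, 1433, 5432}         # database ports from the page's SIEM query
EXPECTED_DB = {("10.0.2.5", 3306)}    # assumed legitimate backend, excluded from alerts
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SCAN_THRESHOLD = 5                    # distinct internal hosts before fan-out is flagged


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)


def analyze(log_text: str, app_server: str = APP_SERVER, threshold: int = SCAN_THRESHOLD) -> dict:
    """Apply both indicators from the page: DB-port connection attempts from the
    application server (the SIEM query) and fan-out to many internal hosts."""
    db_hits, targets = [], set()
    for line in log_text.splitlines():
        ts, src, dst, port, action = line.split()
        port = int(port)
        # Only outbound attempts from the appliance to internal, non-expected hosts matter.
        if src != app_server or action != "connection_attempt":
            continue
        if not is_internal(dst) or (dst, port) in EXPECTED_DB:
            continue
        targets.add(dst)
        if port in DB_PORTS:
            db_hits.append((ts, dst, port))
    return {
        "db_port_hits": db_hits,
        "distinct_internal_targets": len(targets),
        "scan_suspected": len(targets) >= threshold,
    }
```

Tune SCAN_THRESHOLD and EXPECTED_DB to the appliance's normal traffic profile, since a legitimate backend on 3306 would otherwise match the query on every connection.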
