CVE-2020-35712

9.8 CRITICAL

📋 TL;DR

CVE-2020-35712 is a Server-Side Request Forgery (SSRF) vulnerability in Esri ArcGIS Server. An unauthenticated attacker can make the server issue requests to URLs of the attacker's choosing, so the server becomes a proxy into whatever network it can reach: internal services that trust it, hosts behind the perimeter firewall, and cloud instance metadata endpoints. It affects ArcGIS Server releases before 10.8, and only installations with the configuration conditions described in Esri's advisory.

💻 Affected Systems

Products:
  • Esri ArcGIS Server
Versions: All versions before 10.8
Operating Systems: Windows, Linux
Default Config Vulnerable: ✅ No
Notes: Requires specific configurations to be vulnerable; not all ArcGIS Server installations are affected.

📦 What is this software?

ArcGIS Server is Esri's enterprise GIS server. It publishes map, feature, image and geoprocessing services over a REST API (the Services Directory under /arcgis/rest/services) and is administered through the ArcGIS Server Administrator Directory (/arcgis/admin, HTTPS on port 6443 by default), usually fronted by ArcGIS Web Adaptor on IIS, Apache or Tomcat. Because it is commonly exposed to the internet while also holding connections to back-end databases and Portal for ArcGIS, an SSRF in it gives an attacker a well-connected foothold.

⚠️ Risk & Real-World Impact

🔴 Worst Case

The server is used as a pivot: the attacker reaches internal services that trust it, exfiltrates data from back-end systems, or pulls instance credentials from the cloud metadata service, leading to privilege escalation and lateral movement across the network.

🟠 Likely Case

Unauthorized reads from internal services (enumeration of hosts and ports, data leakage from back-end systems) or interaction with cloud instance metadata APIs.

🟢 If Mitigated

Limited impact where network segmentation, egress filtering and a hardened metadata service (see If You Can't Patch) leave the forged requests nowhere useful to go.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SSRF vulnerabilities typically have low exploitation complexity once the vulnerable endpoint is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.8 and later

Vendor Advisory: https://support.esri.com/en/technical-article/000022931

Restart Required: Yes

Instructions:

1. Download ArcGIS Server 10.8 or later from Esri's customer portal.
2. Run the installer and follow the upgrade instructions.
3. Restart the ArcGIS Server services after installation completes.
4. Confirm the reported version afterwards (see How to Verify); the version field only changes once the upgraded services are running.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Restrict ArcGIS Server's outbound network access to only the services it needs.

Firewall Rules (applies to: all)

Implement egress filtering to block unauthorized outbound requests from the server.

🧯 If You Can't Patch

  • Implement strict network segmentation and egress filtering; include the link-local metadata address 169.254.169.254 in the deny list unless the instance genuinely needs it
  • Disable or restrict the vulnerable configuration if identified
  • On AWS, require IMDSv2 (HttpTokens=required): a session token must first be obtained with a PUT request, which an SSRF that only controls a URL cannot issue. Azure and GCP already reject metadata requests that lack their required header (Metadata: true and Metadata-Flavor: Google respectively), so a forged request that cannot set headers fails there

🔍 How to Verify

Check if Vulnerable:

Confirm the ArcGIS Server version; any release before 10.8 is in scope. Then review the installation against the configuration conditions in Esri's advisory (linked above), since only installations with those settings are exploitable.

Check Version:

Open the ArcGIS Server Administrator Directory (https://<host>:6443/arcgis/admin); the current version is shown on its home page. The unauthenticated REST endpoint https://<host>:6443/arcgis/rest/info?f=json reports the same value in its currentVersion field as a number (10.7.1 reports 10.71, 10.8.1 reports 10.81). If the server is reached through ArcGIS Web Adaptor, use https://<host>/<adaptor-name>/rest/info?f=json instead.

Verify Fix Applied:

Confirm that the reported version is 10.8 or later and that the services have restarted. If you have an authorised test harness, also confirm that the server no longer issues outbound requests to a URL you control.
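The version check above, scripted as an added example (this is not Esri's code and not part of the original page). It assumes only the documented /rest/info endpoint and its numeric currentVersion field; the hostname in the live-check helper is a placeholder, and the two sample responses are constructed to match the shape of real output.

```python
"""Version check for CVE-2020-35712 (ArcGIS Server SSRF, fixed in 10.8).

Added example, not Esri's code. It relies on one documented behaviour:
every ArcGIS Server exposes <base>/rest/info?f=json without authentication,
and the response carries "currentVersion" as a number such as 10.71 or 10.81.
"""
import json
import ssl
import urllib.request

FIXED_VERSION = 10.8  # first release containing the fix, per the advisory on this page


def version_from_info(info_json: str) -> float:
    """Extract currentVersion from a /rest/info JSON body; raise if it is missing."""
    data = json.loads(info_json)
    try:
        return float(data["currentVersion"])
    except (KeyError, TypeError, ValueError) as exc:
        raise ValueError("no usable currentVersion in /rest/info response") from exc


def is_vulnerable_version(version: float) -> bool:
    """True for releases before 10.8 (10.7.1 reports 10.71, 10.8.1 reports 10.81)."""
    return version < FIXED_VERSION


def assess(info_json: str) -> dict:
    """Return a small verdict: the parsed version, whether it is in scope, and what to do."""
    version = version_from_info(info_json)
    vulnerable = is_vulnerable_version(version)
    return {
        "version": version,
        "vulnerable": vulnerable,
        "action": "upgrade to 10.8 or later" if vulnerable else "version not affected",
    }


def fetch_info(base_url: str, verify_tls: bool = True, timeout: float = 10.0) -> str:
    """Fetch /rest/info?f=json from a live server (network access).

    base_url is e.g. 'https://gis.example.org:6443/arcgis' (placeholder host), or
    'https://gis.example.org/server' when going through ArcGIS Web Adaptor.
    """
    url = base_url.rstrip("/") + "/rest/info?f=json"
    ctx = ssl.create_default_context()
    if not verify_tls:  # only for lab servers with self-signed certificates
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
        return resp.read().decode("utf-8")


# Constructed sample responses: same shape as real /rest/info output, illustrative values.
SAMPLE_OLD = ('{"currentVersion": 10.71, "fullVersion": "10.7.1", '
              '"authInfo": {"isTokenBasedSecurity": true}}')
SAMPLE_FIXED = ('{"currentVersion": 10.81, "fullVersion": "10.8.1", '
                '"authInfo": {"isTokenBasedSecurity": true}}')

if __name__ == "__main__":
    for body in (SAMPLE_OLD, SAMPLE_FIXED):
        print(assess(body))
    # Live check against your own server (uncomment and edit the placeholder):
    # print(assess(fetch_info("https://gis.example.org:6443/arcgis")))
```

The numeric comparison is deliberate: currentVersion is a float in the API, so 10.8 exactly is fixed while 10.71 and 10.61 are not. A version check only tells you the release is in scope; whether the instance is actually exploitable still depends on the configuration conditions in Esri's advisory.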

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound requests from ArcGIS Server
  • Requests to internal IP ranges or cloud metadata endpoints

Network Indicators:

  • ArcGIS Server making unexpected outbound connections, including denied ones (a blocked probe is still evidence of an attempt the server had no reason to make)
  • Requests to 169.254.169.254, the instance metadata address used by AWS, Azure and GCP, or to other cloud metadata endpoints

SIEM Query:

source="arcgis-server" AND (dest_ip=169.254.169.254 OR dest_ip IN [internal_ranges])

Note that 169.254.169.254 is link-local, so include 169.254.0.0/16 in internal_ranges or match it explicitly as above, and exclude the server's known legitimate destinations (its database, Portal for ArcGIS) or the query fires on every normal back-end call.
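The same detection logic run over sample log lines, as an added example (not the page's query and not a vendor's SIEM content). It assumes a constructed key=value firewall log format and hypothetical addresses for the ArcGIS host and its allowlisted back ends; swap parse_line() for your own export format.

```python
"""Triage of egress logs for the indicators above (added example, not the page's
or any SIEM vendor's query). Assumes a constructed key=value firewall log format
and hypothetical addresses; swap parse_line() for your own export."""
import ipaddress
import re

# Hypothetical: the ArcGIS Server host(s) whose outbound traffic we care about.
ARCGIS_HOSTS = {ipaddress.ip_address("10.20.0.15")}

# Instance-metadata endpoints: AWS, Azure and GCP all answer on 169.254.169.254;
# Alibaba Cloud uses 100.100.100.200.
METADATA_IPS = {
    ipaddress.ip_address("169.254.169.254"),
    ipaddress.ip_address("100.100.100.200"),
}

# Hypothetical: destinations the server talks to legitimately (its database, Portal).
# Without an allowlist the "internal" rule fires on every normal back-end call.
ALLOWLIST = {ipaddress.ip_address("10.20.0.20"), ipaddress.ip_address("10.20.0.21")}

INTERNAL_RANGES = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")
]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """'<ts> k=v k=v ...' -> dict; the leading timestamp is kept under 'ts'."""
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    fields["ts"] = line.split(" ", 1)[0]
    return fields


def classify(dst):
    """'cloud-metadata', 'internal', or None for a destination given as a string."""
    try:
        ip = ipaddress.ip_address(dst)
    except ValueError:
        return None
    if ip in METADATA_IPS:
        return "cloud-metadata"
    if any(ip in net for net in INTERNAL_RANGES):
        return "internal"
    return None


def triage(lines):
    """Return the entries where an ArcGIS host reached a suspicious destination.

    Denied connections are reported too: an SSRF probe the firewall blocked is
    still evidence of the attempt, because the server had no reason to try.
    """
    findings = []
    for line in lines:
        f = parse_line(line)
        try:
            src = ipaddress.ip_address(f["src"])
            dst = ipaddress.ip_address(f["dst"])
        except (KeyError, ValueError):
            continue  # malformed or unrelated line
        if src not in ARCGIS_HOSTS or dst in ALLOWLIST:
            continue
        kind = classify(str(dst))
        if kind is None:
            continue
        findings.append({"ts": f["ts"], "dst": str(dst), "dport": f.get("dport"),
                         "action": f.get("action"), "kind": kind})
    return findings


# Constructed sample log (not real traffic). Line 1 is the server's normal database
# call, line 2 a metadata-service hit, line 3 a blocked probe at an internal SSH port,
# line 4 ordinary internet egress, line 5 a different host entirely.
SAMPLE_LOG = """\
2021-01-05T10:01:02Z src=10.20.0.15 dst=10.20.0.20 dport=5432 action=allow
2021-01-05T10:01:09Z src=10.20.0.15 dst=169.254.169.254 dport=80 action=allow
2021-01-05T10:01:15Z src=10.20.0.15 dst=10.20.1.7 dport=22 action=deny
2021-01-05T10:01:20Z src=10.20.0.15 dst=203.0.113.8 dport=443 action=allow
2021-01-05T10:01:31Z src=10.20.0.33 dst=169.254.169.254 dport=80 action=allow
""".splitlines()

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
```

Running it on the sample yields two findings: the metadata-service hit and the denied probe at 10.20.1.7:22. Line 4 is not flagged because the page's indicators are internal and metadata destinations; an SSRF aimed at an attacker-controlled external host would only show up if you also maintain an allowlist of expected external destinations and alert on everything else.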
