CVE-2021-26705

9.1 CRITICAL

📋 TL;DR

Unauthenticated attackers can invoke sensitive RMI methods on SquareBox CatDV Server. Those methods can be used to generate valid authentication tokens, and the tokens in turn grant administrative access, including disclosure of user password hashes. CatDV Server through version 9.2 is affected.

💻 Affected Systems

Products:
  • SquareBox CatDV Server
Versions: Through 9.2
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable as the RMI methods lack authentication controls.

📦 What is this software?

CatDV is a media asset management (MAM) product from Square Box Systems. CatDV Server is its central server component; desktop clients and automation talk to it over Java RMI, which is the interface this vulnerability concerns.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with administrative access, theft of password hashes (which can be cracked or reused), and lateral movement within the network.

🟠 Likely Case: Unauthorized administrative access leading to data theft, system manipulation, and privilege escalation.

🟢 If Mitigated: Limited impact if network segmentation keeps the RMI listener unreachable from untrusted hosts; the affected versions have no authentication on these RMI methods, so network access is the only control.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation allows complete system takeover from the internet.
🏢 Internal Only: HIGH - Even internal attackers can exploit this without credentials to gain administrative privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available and requires no authentication, making exploitation trivial.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.2.1 or later

Vendor Advisory: https://www.squarebox.com/

Restart Required: Yes

Instructions:

1. Download CatDV Server version 9.2.1 or later from SquareBox.
2. Stop the CatDV Server service.
3. Apply the update.
4. Restart the CatDV Server service and confirm the version shown in the administration interface is 9.2.1 or later.

🔧 Temporary Workarounds

Network Access Control (all platforms)

Restrict network access to the CatDV Server RMI registry port (typically 1099) to trusted client IP ranges only.

Firewall Blocking (all platforms)

Block inbound connections to the CatDV Server RMI ports from untrusted networks. Java RMI exports remote objects on a second listener that may sit on an ephemeral port unless the server pins it, so a host firewall that drops all inbound traffic except explicitly required services is safer than a rule that filters port 1099 alone.

🧯 If You Can't Patch

  • Isolate CatDV Server on a segmented network with strict access controls
  • Implement network monitoring and alerting for RMI method invocation attempts

🔍 How to Verify

Check if Vulnerable:

Check CatDV Server version in administration interface or configuration files. Versions 9.2 and earlier are vulnerable.

Check Version:

Check CatDV Server web interface or consult server configuration files for version information.

Verify Fix Applied:

Verify installation of version 9.2.1 or later, then confirm from an untrusted network position that the RMI port is unreachable (if you rely on the firewall workaround) and that unauthenticated RMI method calls are rejected.
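The reachability half of that check can be scripted. The block below is an added example, not CatDV's own code or the vendor's tooling: it speaks only the opening handshake of the Java RMI wire protocol (the `JRMI` header and the server's ProtocolAck reply) to tell whether an RMI listener answers from wherever the script is run. It invokes no remote methods. The target host and port are assumptions; the sample ProtocolAck bytes are constructed.

```python
"""Probe whether a CatDV Server's Java RMI registry accepts connections.

Added example, not CatDV code. It performs only the first step of the Java
RMI stream protocol (the JRMI handshake), which is enough to tell whether the
RMI listener is reachable from the probing host; it invokes no remote methods.
"""
import socket
import struct

# Client handshake: magic "JRMI", protocol version 2, StreamProtocol (0x4b).
JRMI_HEADER = b"JRMI" + struct.pack(">H", 2) + bytes([0x4B])
PROTOCOL_ACK = 0x4E  # first byte of a successful server reply


def parse_protocol_ack(data: bytes) -> tuple[str, int]:
    """Decode a ProtocolAck: 0x4e, writeUTF(client host), writeInt(client port).

    writeUTF is Java modified UTF-8 (2-byte length prefix); for ASCII host
    strings it is identical to plain UTF-8. Raises ValueError on malformed input.
    """
    if len(data) < 3 or data[0] != PROTOCOL_ACK:
        raise ValueError("not a JRMI ProtocolAck")
    (host_len,) = struct.unpack(">H", data[1:3])
    end = 3 + host_len
    if len(data) < end + 4:
        raise ValueError("truncated ProtocolAck")
    host = data[3:end].decode("utf-8")
    (port,) = struct.unpack(">i", data[end:end + 4])
    return host, port


def probe_rmi_registry(host: str, port: int = 1099, timeout: float = 3.0) -> dict:
    """Connect, send the JRMI header and report what the listener answered.

    'reachable' means the TCP connect succeeded; 'rmi' means the peer replied
    with a ProtocolAck. A firewall workaround is effective from a given network
    only when 'reachable' is False when probed from that network.
    """
    result = {"host": host, "port": port, "reachable": False, "rmi": False}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            result["reachable"] = True
            sock.sendall(JRMI_HEADER)
            reply = sock.recv(256)
        seen_host, seen_port = parse_protocol_ack(reply)
        result.update(rmi=True, seen_as=f"{seen_host}:{seen_port}")
    except (OSError, ValueError) as exc:
        result["error"] = str(exc)
    return result


if __name__ == "__main__":
    import sys
    # Assumed target; replace with the CatDV Server host you are checking.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(probe_rmi_registry(target))
```

Run it from a host on an untrusted segment after applying the firewall workaround: `reachable: False` is the result you want there, while from a trusted client network you should still see `rmi: True`.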

📡 Detection & Monitoring

Log Indicators:

  • RMI method invocations with no preceding successful login
  • getConnections method invocation from untrusted sources
  • Authentication tokens issued to sessions that never authenticated

Network Indicators:

  • RMI traffic to port 1099 from unexpected sources
  • Unusual administrative task execution patterns

SIEM Query (illustrative; the field names source, method, auth_token_generated and user are placeholders to map onto whatever your CatDV log ingestion actually provides):

source="catdv" AND (method="getConnections" OR auth_token_generated) AND user="anonymous"
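The network indicator above (RMI traffic to port 1099 from unexpected sources) is easy to implement against connection logs. The block below is an added example, not CatDV or Zeek project code: it parses Zeek-style `conn.log` lines and flags every TCP session to the RMI registry port whose source lies outside an allowlist of client networks, distinguishing completed sessions from blocked attempts. The client network ranges, the RMI port and the log lines are all constructed for the example.

```python
"""Flag RMI registry connections to CatDV Server from unexpected sources.

Added example, not CatDV or Zeek code. It reads Zeek-style conn.log lines
(tab separated, with a #fields header) and reports every TCP session to the
server's RMI port whose source is outside an allowlist of client networks.
"""
import ipaddress
from typing import Iterable

# Constructed sample with a subset of Zeek conn.log columns; not real traffic.
SAMPLE_CONN_LOG = """\
#fields\tts\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tconn_state
1617000001.1\t10.20.5.17\t51022\t10.20.1.10\t1099\ttcp\tSF
1617000002.4\t203.0.113.9\t40111\t10.20.1.10\t1099\ttcp\tSF
1617000003.9\t198.51.100.23\t40112\t10.20.1.10\t1099\ttcp\tS0
1617000004.2\t10.20.5.18\t51023\t10.20.1.10\t443\ttcp\tSF
1617000005.0\t2001:db8::5\t51024\t10.20.1.10\t1099\ttcp\tSF
"""

# Networks that legitimately run CatDV clients (assumed for the example).
CLIENT_NETWORKS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16",)]
# CatDV RMI registry port; extend if the server is configured differently.
RMI_PORTS = {1099}


def parse_conn_log(lines: Iterable[str]) -> list[dict]:
    """Turn Zeek TSV lines into dicts keyed by the names in the #fields header."""
    fields, records = None, []
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            records.append(dict(zip(fields, line.split("\t"))))
    return records


def is_allowed_source(ip: str) -> bool:
    """True if ip falls inside any client network (IPv4/IPv6 mismatch is False)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLIENT_NETWORKS)


def find_suspicious_rmi(records: list[dict]) -> list[dict]:
    """TCP sessions to an RMI port from outside the client networks.

    'completed' is False for S0 (SYN with no reply): that is an attempt the
    firewall stopped, still worth knowing about but not a method call.
    """
    hits = []
    for r in records:
        if r["proto"] != "tcp" or int(r["id.resp_p"]) not in RMI_PORTS:
            continue
        if is_allowed_source(r["id.orig_h"]):
            continue
        hits.append({
            "ts": r["ts"],
            "src": r["id.orig_h"],
            "dst": r["id.resp_h"],
            "dport": int(r["id.resp_p"]),
            "completed": r["conn_state"] != "S0",
        })
    return hits


def analyze(text: str) -> list[dict]:
    """Convenience wrapper: raw conn.log text in, list of hits out."""
    return find_suspicious_rmi(parse_conn_log(text.splitlines()))


if __name__ == "__main__":
    for hit in analyze(SAMPLE_CONN_LOG):
        state = "session" if hit["completed"] else "blocked attempt"
        print(f"{hit['ts']} RMI {state} to {hit['dst']}:{hit['dport']} from untrusted {hit['src']}")
```

Treat a completed session from an untrusted source as a potential unauthenticated method call and pivot to the server's own logs for that time window; a blocked attempt is evidence that the firewall workaround is doing its job, and a useful signal that someone is scanning for the port.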
