CVE-2021-27007

9.8 CRITICAL

📋 TL;DR

CVE-2021-27007 affects NetApp Virtual Desktop Service (VDS) releases before 2.0.0.1004. When VDS is deployed with an HTML5 gateway, an unauthenticated attacker who can reach the gateway can hijack active Remote Desktop sessions, taking over a logged-in user's desktop without any credentials. Deployments that do not use the HTML5 gateway are not affected.

💻 Affected Systems

Products:
  • NetApp Virtual Desktop Service (VDS)
Versions: All versions prior to 2.0.0.1004
Operating Systems: All supported platforms for NetApp VDS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects deployments using the HTML5 gateway component. Other VDS configurations without HTML5 gateway are not vulnerable.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of all active remote desktop sessions, allowing attackers to access sensitive data, execute commands as authenticated users, and move laterally within the network.

🟠

Likely Case

Session hijacking leading to unauthorized access to user desktops, data theft, and potential credential harvesting from active sessions.

🟢

If Mitigated

Limited impact if proper network segmentation, session monitoring, and access controls prevent unauthenticated access to the HTML5 gateway interface.

🌐 Internet-Facing: HIGH - The HTML5 gateway component is typically exposed to users over networks, making internet-facing deployments particularly vulnerable.
🏢 Internal Only: HIGH - Even internally deployed systems are vulnerable as the attack requires no authentication and can be launched from within the network.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The public description does not disclose how the takeover is performed, so no exploit steps are documented here. The 9.8 score is the CVSS v3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H: reachable over the network, low attack complexity, no privileges and no user interaction required, with full impact on confidentiality, integrity and availability. Until the gateway is patched, treat it as exploitable by anyone who can reach it.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.0.1004 and later

Vendor Advisory: https://security.netapp.com/advisory/ntap-20211223-0008/

Restart Required: Yes

Instructions:

1. Download VDS version 2.0.0.1004 or later from the NetApp Support Site.
2. Back up the current VDS configuration.
3. Deploy the updated VDS software following NetApp upgrade procedures.
4. Restart VDS services to apply the patch.

🔧 Temporary Workarounds

Disable HTML5 Gateway (applies to: all affected versions)

Temporarily disable the HTML5 gateway component if it is not essential for operations; refer to the NetApp VDS administration guide for the procedure. Because the flaw is only reachable through the HTML5 gateway, disabling it removes the exposure rather than merely narrowing it.

Network Access Restrictions (applies to: all affected versions)

Restrict network access to the HTML5 gateway interface with firewall rules: deny access to the VDS HTML5 gateway port by default and allow only trusted source addresses (for example the egress range of a corporate VPN). This reduces who can reach the gateway but does not protect against an attacker who is already inside the allowed range, since no authentication is needed once the gateway is reachable.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate VDS systems from untrusted networks
  • Enable detailed session logging and monitoring for suspicious session takeover activities

🔍 How to Verify

Check if Vulnerable:

In the VDS administration console, note the installed version and whether the HTML5 gateway component is enabled. A version below 2.0.0.1004 with the HTML5 gateway enabled is vulnerable. Compare the build number numerically, not as text: a lexical comparison orders 2.0.0.999 after 2.0.0.1004 and would wrongly report an old build as patched.

Check Version:

Check version in NetApp VDS administration interface or via 'vds-version' command in VDS CLI

Verify Fix Applied:

Confirm that the version reported in the administration console is 2.0.0.1004 or higher, then confirm that the HTML5 gateway still serves sessions normally. There is no safe functional test for "session hijacking" to run against a production gateway; rely on the version check and the vendor advisory rather than attempting to reproduce the takeover.
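The version check above is easy to get wrong when the fourth component is a build number. The following is an added example (not NetApp's code) that compares a dotted VDS version against the fixed build numerically and combines it with the HTML5-gateway condition; the inventory entries are constructed, and no real VDS API or CLI is called.

```python
# Added example (not NetApp's code): decide whether a VDS deployment is in the
# affected range for CVE-2021-27007. The fix is build 2.0.0.1004 and the flaw
# only applies when the HTML5 gateway is in use.
from typing import Tuple

FIXED_VERSION = "2.0.0.1004"


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted version into integers so it compares numerically.

    A plain string comparison gets this wrong: "2.0.0.999" > "2.0.0.1004"
    lexically, but build 999 is older than build 1004.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str, html5_gateway_enabled: bool) -> bool:
    """True when the build is older than the fix AND the HTML5 gateway is enabled."""
    if not html5_gateway_enabled:
        return False
    return parse_version(version) < parse_version(FIXED_VERSION)


if __name__ == "__main__":
    # Constructed sample inventory (hostnames, versions and gateway flags are
    # made up for the example).
    inventory = [
        ("vds-prod-01", "2.0.0.999", True),
        ("vds-prod-02", "2.0.0.1004", True),
        ("vds-lab-01", "1.9.5.200", False),
    ]
    for host, ver, gw in inventory:
        state = "VULNERABLE" if is_vulnerable(ver, gw) else "not affected"
        print(f"{host} {ver} html5_gateway={gw}: {state}")
```

Feed it the version string and gateway state read from the administration console; the gateway flag matters because a pre-fix build without the HTML5 gateway is not exposed.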

📡 Detection & Monitoring

Log Indicators:

  • A single session ID served to more than one source IP, particularly when the second IP never authenticated that session (the direct signature of a takeover)
  • Many distinct sessions touched from one source IP in a short window
  • Session attach or resume events on the HTML5 gateway with no preceding login from the same source

Network Indicators:

  • Unusual traffic patterns to VDS HTML5 gateway port
  • Session hijacking attempts via HTTP requests

SIEM Query (illustrative; the source and event names below are placeholders, not documented VDS log fields, and must be mapped to what your gateway actually emits):

source="vds-logs" AND (event="session_takeover" OR event="unauthorized_session_access")
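The indicators above are easier to reason about as code. The following is an added example (not NetApp's code, and not a description of the real VDS log schema) that runs two of those heuristics over constructed HTML5 gateway access-log lines: sessions attached from a source that never logged them in, and sources that attach to many distinct sessions. The line format and the action names "login" and "attach" are assumptions to be mapped onto the real log fields.

```python
# Added example (not NetApp's code): session-hijack indicators run over
# constructed gateway access-log lines. The log format and action names are
# assumptions; adapt LINE_RE and the action strings to your gateway's logs.
import re
from collections import defaultdict
from typing import Dict, List, Set

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) session=(?P<sid>\S+) action=(?P<action>\S+)$"
)

# Constructed sample (not real traffic). Session s-1001 is logged in from
# 10.0.5.23, then attached from 203.0.113.9, which never logged in: the hijack
# pattern. 203.0.113.9 also attaches to several other sessions: enumeration.
SAMPLE_LOG = """\
2021-12-20T09:00:01Z src=10.0.5.23 session=s-1001 action=login
2021-12-20T09:00:02Z src=10.0.5.23 session=s-1001 action=attach
2021-12-20T09:01:10Z src=10.0.7.8 session=s-1002 action=login
2021-12-20T09:01:11Z src=10.0.7.8 session=s-1002 action=attach
this line is not in the expected format and is skipped
2021-12-20T09:03:30Z src=203.0.113.9 session=s-1001 action=attach
2021-12-20T09:03:31Z src=203.0.113.9 session=s-1003 action=attach
2021-12-20T09:03:32Z src=203.0.113.9 session=s-1004 action=attach
2021-12-20T09:03:33Z src=203.0.113.9 session=s-1005 action=attach
"""


def parse(log_text: str) -> List[Dict[str, str]]:
    """Parse matching lines into dicts; lines in another format are dropped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def find_hijacked_sessions(events: List[Dict[str, str]]) -> Dict[str, Set[str]]:
    """Session IDs attached from a source that never logged that session in.

    A session served to an IP other than the one that authenticated it is the
    direct signature of a takeover; an attach with no login at all is flagged
    for the same reason.
    """
    login_src: Dict[str, Set[str]] = defaultdict(set)
    attach_src: Dict[str, Set[str]] = defaultdict(set)
    for e in events:
        if e["action"] == "login":
            login_src[e["sid"]].add(e["src"])
        elif e["action"] == "attach":
            attach_src[e["sid"]].add(e["src"])
    return {
        sid: srcs - login_src[sid]
        for sid, srcs in attach_src.items()
        if srcs - login_src[sid]
    }


def find_session_enumerators(
    events: List[Dict[str, str]], threshold: int = 3
) -> Dict[str, int]:
    """Source IPs that attach to at least `threshold` distinct sessions."""
    sessions_by_src: Dict[str, Set[str]] = defaultdict(set)
    for e in events:
        if e["action"] == "attach":
            sessions_by_src[e["src"]].add(e["sid"])
    return {src: len(s) for src, s in sessions_by_src.items() if len(s) >= threshold}


if __name__ == "__main__":
    evts = parse(SAMPLE_LOG)
    for sid, srcs in sorted(find_hijacked_sessions(evts).items()):
        print(f"session {sid} attached from non-authenticated source(s): {sorted(srcs)}")
    for src, n in find_session_enumerators(evts).items():
        print(f"{src} attached to {n} distinct sessions")
```

The first heuristic keys on the session ID rather than the user name, because a hijacked session still belongs to the legitimate user; only the source address changes. Tune the enumeration threshold to your environment, since a shared NAT egress will legitimately carry many sessions from one IP.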
