CVE-2021-27184 – This CVE describes an XML External Entity (XXE)... (How to Fix)

Q: What is the severity of CVE-2021-27184?

CVE-2021-27184 has a CVSS score of 7.5 (HIGH). This CVE describes an XML External Entity (XXE) vulnerability in Pelco Digital Sentry Server version 7.18.72.11464. Attackers can exploit this to read arbitrary files from the affected system via out-of-band techniques when the server parses a specific XML file. Organizations using this specific version of Pelco's video management software are affected.

📋 TL;DR

This CVE describes an XML External Entity (XXE) vulnerability in Pelco Digital Sentry Server version 7.18.72.11464. Attackers can exploit this to read arbitrary files from the affected system via out-of-band techniques when the server parses a specific XML file. Organizations using this specific version of Pelco's video management software are affected.

💻 Affected Systems

Products:

Pelco Digital Sentry Server

Versions: 7.18.72.11464

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability triggers when DSControlPoint.exe parses ControlPointCacheShare.xml in %APPDATA%\Pelco directory.

📦 What is this software?

Digital Sentry Server by Pelco

View all CVEs affecting Digital Sentry Server →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through credential theft, configuration file exfiltration, or lateral movement via stolen data.

🟠

Likely Case

Sensitive file disclosure including configuration files, logs, or credentials stored on the server.

🟢

If Mitigated

Limited impact with proper network segmentation and file system permissions restricting access to sensitive files.

🌐 Internet-Facing: MEDIUM - Requires specific file parsing trigger but could be exploited if server is internet-accessible.

🏢 Internal Only: HIGH - Internal attackers or compromised systems could easily exploit this to steal sensitive data.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires ability to write/modify the ControlPointCacheShare.xml file or trigger its parsing. Public advisory includes technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Pelco support for updated version beyond 7.18.72.11464

Vendor Advisory: https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history

Restart Required: Yes

Instructions:

1. Check Pelco support for latest version. 2. Backup configuration. 3. Install updated version. 4. Restart services. 5. Verify functionality.

🔧 Temporary Workarounds

Restrict XML file permissions

windows

Set strict permissions on ControlPointCacheShare.xml to prevent unauthorized modification

icacls "%APPDATA%\Pelco\ControlPointCacheShare.xml" /deny Everyone:(W)

Disable external entity processing

windows

Configure XML parser to disable external entity resolution if application settings allow

🧯 If You Can't Patch

Implement strict file system permissions on %APPDATA%\Pelco directory and XML files
Monitor for unauthorized modifications to ControlPointCacheShare.xml and block suspicious processes

🔍 How to Verify

Check if Vulnerable:

Check if Pelco Digital Sentry Server version is 7.18.72.11464 via software interface or registry: HKEY_LOCAL_MACHINE\SOFTWARE\Pelco\DigitalSentry

Check Version:

reg query "HKLM\SOFTWARE\Pelco\DigitalSentry" /v Version

Verify Fix Applied:

Verify version is updated beyond 7.18.72.11464 and test XML parsing with safe payloads

📡 Detection & Monitoring

Log Indicators:

Unusual file access patterns to %APPDATA%\Pelco\ControlPointCacheShare.xml
XML parsing errors in application logs
Outbound connections to unexpected external domains during XML processing

Network Indicators:

DNS requests to unusual domains during XML file processing
Outbound HTTP requests with file contents in payload

SIEM Query:

source="*pelco*" AND (file_path="*ControlPointCacheShare.xml*" OR process="DSControlPoint.exe")

📊 Metadata

CVE ID: CVE-2021-27184

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-611

Published: February 11, 2021

Last Updated: November 21, 2024

🔗 References

https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server.txt Exploit,Third Party Advisory
https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history Release Notes,Vendor Advisory
https://github.com/vitorespf/Advisories/blob/master/Pelco_Digital_Sentry_Server.txt Exploit,Third Party Advisory
https://support.pelco.com/s/article/What-is-the-Digital-Sentry-software-release-revision-history Release Notes,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-27184, you might also want to check these: