CVE-2021-29954

9.8 CRITICAL

📋 TL;DR

This vulnerability in Hubs Cloud's Reticulum software allowed attackers to use the proxy functionality to access internal URLs, including sensitive metadata services. It affects all Hubs Cloud deployments running vulnerable versions, potentially exposing cloud credentials and internal infrastructure.

💻 Affected Systems

Products:
  • Hubs Cloud
  • Reticulum
Versions: All versions before mozillareality/reticulum/1.0.1/20210428201255
Operating Systems: Any
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all Hubs Cloud deployments using the vulnerable Reticulum software version.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access cloud metadata services to obtain IAM credentials, leading to complete cloud environment compromise, data exfiltration, and lateral movement.

🟠 Likely Case

Unauthorized access to internal services, potential credential theft from metadata services, and exposure of internal network information.

🟢 If Mitigated

Limited to internal service enumeration if proper network segmentation and metadata service protections are in place.

🌐 Internet-Facing: HIGH - The proxy functionality was accessible from the internet, allowing direct exploitation.
🏢 Internal Only: LOW - The vulnerability primarily affected internet-facing components.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP requests to the proxy endpoint could exploit this vulnerability without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: mozillareality/reticulum/1.0.1/20210428201255 or later

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2021-21/

Restart Required: Yes

Instructions:

1. Update the Hubs Cloud deployment to use Reticulum version mozillareality/reticulum/1.0.1/20210428201255 or later.
2. Restart all Reticulum services.
3. Verify the update was successful.

🔧 Temporary Workarounds

Block proxy endpoint (platform: all)

Temporarily block access to the vulnerable proxy functionality using a web application firewall or network controls.

Restrict metadata service access (platform: all)

Implement network policies to restrict access to cloud metadata services from application instances.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Hubs Cloud from metadata services
  • Deploy web application firewall with rules to block proxy requests to internal URLs

🔍 How to Verify

Check if Vulnerable:

Check the Reticulum version in the deployment configuration or by querying the service endpoint; any version before mozillareality/reticulum/1.0.1/20210428201255 is vulnerable.

Check Version:

Check the deployment configuration or service logs for Reticulum version information.

Verify Fix Applied:

Confirm the Reticulum version is mozillareality/reticulum/1.0.1/20210428201255 or later, and test that proxy requests to internal URLs (loopback, private ranges, and the metadata service address) are rejected.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to proxy endpoint with internal URLs
  • Access attempts to metadata service from application instances

Network Indicators:

  • Outbound connections from Hubs Cloud to metadata service endpoints
  • Unusual proxy request patterns

SIEM Query:

source="hubs-cloud" AND (url="*/proxy*" OR destination_ip="169.254.169.254")
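The log indicators and SIEM query above can be turned into a concrete offline check over access logs. The Python below is an added example, not code from the Hubs Cloud or Reticulum projects; the log format (Combined Log Format), the proxy path `/api/v1/proxy`, the `url` query parameter and the sample lines are all constructed assumptions for illustration. It goes slightly beyond the page by also catching private ranges, loopback, metadata hostnames and the single-integer IPv4 spelling of an address, which a detector should not miss.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlparse

# Constructed sample access-log lines (not from the page). The proxy path and
# the "url" query parameter are assumptions made for this example.
SAMPLE_LOGS = [
    '10.0.3.7 - - [28/Apr/2021:20:13:01 +0000] "GET /api/v1/proxy?url=https://example.com/scene.glb HTTP/1.1" 200',
    '198.51.100.23 - - [28/Apr/2021:20:13:05 +0000] "GET /api/v1/proxy?url=http://169.254.169.254/ HTTP/1.1" 200',
    '198.51.100.23 - - [28/Apr/2021:20:13:09 +0000] "GET /api/v1/proxy?url=http://10.0.0.12:8080/ HTTP/1.1" 200',
    '203.0.113.9 - - [28/Apr/2021:20:14:00 +0000] "GET /api/v1/proxy?url=http://metadata.google.internal/ HTTP/1.1" 200',
    '203.0.113.9 - - [28/Apr/2021:20:14:30 +0000] "GET /hub.html HTTP/1.1" 200',
]

# Combined Log Format: client, ident, user, [timestamp], "METHOD target PROTO", status
LOG_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

INTERNAL_HOST_SUFFIXES = (".internal", ".local", ".localhost")

def is_internal_target(url: str) -> bool:
    """True if the proxied URL points at loopback, link-local (which includes the
    169.254.169.254 metadata address), private/reserved ranges or a well-known
    metadata hostname. Purely syntactic: no DNS lookups, so it runs offline."""
    host = (urlparse(url).hostname or "").lower()
    if not host:
        return True  # unparsable target: treat as suspicious rather than silently passing
    if host == "localhost" or host.endswith(INTERNAL_HOST_SUFFIXES):
        return True
    if host.isdigit() and int(host) < 2**32:  # e.g. "2852039166" == 169.254.169.254
        host = str(ipaddress.ip_address(int(host)))
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # ordinary public hostname
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved or ip.is_unspecified

def flag_proxy_requests(lines, proxy_path="/api/v1/proxy", param="url"):
    """Return (client, proxied_url) for each request to the proxy endpoint whose
    target is an internal address; this is the SIEM query's 'proxy to internal URL' indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        request = urlparse(m.group("target"))
        if not request.path.startswith(proxy_path):
            continue
        for proxied in parse_qs(request.query).get(param, []):
            if is_internal_target(proxied):
                hits.append((m.group("client"), proxied))
    return hits

if __name__ == "__main__":
    for client, target in flag_proxy_requests(SAMPLE_LOGS):
        print(f"ALERT proxy request to internal target: client={client} target={target}")
```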
