CVE-2021-33318

9.8 CRITICAL

📋 TL;DR

This vulnerability lets attackers bypass IP address filtering in applications that use vulnerable versions of the IpMatcher library, either directly or through WatsonWebserver, which uses IpMatcher for its access-control lists. Crafted IP addresses or netmasks are validated incorrectly, so a request that the filter should block can be allowed through. Any .NET application that relies on these packages for IP-based access control is affected.

💻 Affected Systems

Products:
  • WatsonWebserver
  • IpMatcher
Versions: IpMatcher 1.0.4.1 and below, WatsonWebserver 4.1.3 and below
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Any .NET application using these packages for IP address validation or filtering is vulnerable regardless of configuration.

📦 What is this software?

WatsonWebserver is a lightweight, embeddable HTTP server for .NET by jchristn. IpMatcher is the same author's library for matching IP addresses against lists of permitted or denied addresses and netmask/CIDR ranges; WatsonWebserver pulls it in to implement its access-control lists, which is why both packages carry the same CVE.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete bypass of IP-based access control, leading to unauthorized access to protected resources and potential data exposure. Where IP filtering was the only control in front of an administrative, debugging or internal API endpoint, the attacker gains whatever that endpoint exposes, which can include remote code execution if it is combined with a separate vulnerability in that endpoint.

🟠

Likely Case

Bypass of IP-based access controls allowing unauthorized access to web applications or APIs that rely on these packages for IP filtering.

🟢

If Mitigated

Limited impact if additional authentication layers exist beyond IP filtering, though IP-based security controls would be compromised.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted IP addresses or netmasks to bypass validation logic.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: IpMatcher 1.0.4.2+, WatsonWebserver 4.1.4+

Fix Commit (IpMatcher): https://github.com/jchristn/IpMatcher/commit/81d77c2f33aa912dbd032b34b9e184fc6e041d89

Restart Required: Yes

Instructions:

1. Update NuGet packages: WatsonWebserver to >=4.1.4 (which brings in the fixed IpMatcher) and any direct IpMatcher reference to >=1.0.4.2. Check transitive dependencies too, since IpMatcher usually arrives through WatsonWebserver rather than as a direct reference.
2. Rebuild and redeploy the affected applications.
3. Restart the affected services.

🔧 Temporary Workarounds

Implement an additional IP validation layer (all platforms)

Add custom IP address validation before passing input to the vulnerable packages: accept only canonical dotted-decimal IPv4 addresses and contiguous netmasks or CIDR prefixes, and reject everything else (fail closed).

Use network-level filtering (all platforms)

Implement firewall rules or network ACLs instead of relying on application-level IP filtering.
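The first workaround above, worked through as an added example in C# (this is not code from WatsonWebserver or IpMatcher, and the `StrictAllowList` type and its method names are this example's own). The bug class behind this CVE is lenient parsing of IP address and netmask strings, so the pre-validator accepts only canonical dotted-decimal input (four decimal octets 0-255, no leading zeros, no `0x` prefixes, no shorthand such as `10.1`) and contiguous netmasks, and denies anything else before a matcher ever sees it. The call to `IPAddress.TryParse` is included only to print what the framework's own parser makes of the same strings; it is not the gate, because on .NET it accepts several shorthand forms itself.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Net;
using System.Text.RegularExpressions;

// Added example: strict IPv4 pre-validation in front of IP-based access control.
// Not code from WatsonWebserver or IpMatcher.
public static class StrictIpv4
{
    // Exactly four decimal octets 0-255, no leading zeros, no 0x prefix, no shorthand.
    private static readonly Regex DottedQuad = new Regex(
        @"^(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)$",
        RegexOptions.Compiled);

    public static bool TryParse(string text, out uint address)
    {
        address = 0;
        if (text == null || !DottedQuad.IsMatch(text)) return false;
        foreach (string octet in text.Split('.'))
            address = (address << 8) | byte.Parse(octet, CultureInfo.InvariantCulture);
        return true;
    }

    // Accepts "a.b.c.d/nn", a bare host "a.b.c.d", or "a.b.c.d" plus a dotted netmask.
    // Rejects non-canonical addresses and non-contiguous masks such as 255.0.255.0.
    public static bool TryParseRange(string ip, string netmaskOrNull, out uint network, out uint mask)
    {
        network = 0; mask = 0;
        string address = ip;
        if (netmaskOrNull == null)
        {
            int slash = ip.IndexOf('/');
            if (slash < 0) { mask = uint.MaxValue; }                       // single host
            else
            {
                address = ip.Substring(0, slash);
                if (!int.TryParse(ip.Substring(slash + 1), NumberStyles.None,
                                  CultureInfo.InvariantCulture, out int prefix) || prefix > 32)
                    return false;
                mask = prefix == 0 ? 0u : uint.MaxValue << (32 - prefix);  // /0 handled apart: shift by 32 is a no-op in C#
            }
        }
        else if (!TryParse(netmaskOrNull, out mask) || (mask != 0 && (mask | (mask - 1)) != uint.MaxValue))
        {
            return false;                                                  // not a contiguous mask
        }
        if (!TryParse(address, out network)) return false;
        network &= mask;
        return true;
    }
}

public sealed class StrictAllowList
{
    private readonly List<KeyValuePair<uint, uint>> _ranges = new List<KeyValuePair<uint, uint>>();

    // Returns false (and adds nothing) for an entry that is not canonical, so a typo in
    // configuration fails closed instead of silently matching a different range.
    public bool Add(string ipOrCidr, string netmask = null)
    {
        if (!StrictIpv4.TryParseRange(ipOrCidr, netmask, out uint net, out uint mask)) return false;
        _ranges.Add(new KeyValuePair<uint, uint>(net, mask));
        return true;
    }

    public bool IsAllowed(string clientIp)
    {
        if (!StrictIpv4.TryParse(clientIp, out uint addr)) return false;   // non-canonical input: deny
        foreach (KeyValuePair<uint, uint> r in _ranges)
            if ((addr & r.Value) == r.Key) return true;
        return false;
    }
}

public static class Demo
{
    public static void Main()
    {
        var acl = new StrictAllowList();
        Console.WriteLine("add 10.0.0.0 mask 255.0.0.0 -> " + acl.Add("10.0.0.0", "255.0.0.0"));
        Console.WriteLine("add 192.168.1.0/24          -> " + acl.Add("192.168.1.0/24"));
        Console.WriteLine("add 010.0.0.0/8             -> " + acl.Add("010.0.0.0/8"));   // rejected: leading zero

        // Constructed probe strings: canonical addresses plus non-canonical forms that a
        // lenient parser may reinterpret. Last column: what IPAddress.TryParse makes of them.
        string[] probes = { "10.1.2.3", "192.168.1.77", "8.8.8.8", "0x0a.1.2.3", "012.1.2.3", "10.1", "192.168.001.077" };
        foreach (string p in probes)
        {
            bool lenient = IPAddress.TryParse(p, out IPAddress parsed);
            Console.WriteLine($"{p,-17} strict allow={acl.IsAllowed(p),-5} IPAddress.TryParse={(lenient ? parsed.ToString() : "rejected")}");
        }
    }
}
```

Only `10.1.2.3` and `192.168.1.77` are allowed by the strict list; `8.8.8.8` is outside every range and the four non-canonical probes are denied before any range comparison happens. Compare that with the framework parser's column to see how much ambiguity the pre-check removes. The same canonical-form rule should be applied to the address and netmask strings loaded from configuration, which is what `Add` does.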

🧯 If You Can't Patch

  • If the application derives the client address from a request header or parameter (for example a forwarded-for header behind a proxy), add web application firewall (WAF) rules that block values which are not canonical dotted-decimal addresses (hexadecimal, leading-zero or shorthand octets)
  • Add additional authentication layers beyond IP-based access control

🔍 How to Verify

Check if Vulnerable:

Check project dependencies for IpMatcher <=1.0.4.1 or WatsonWebserver <=4.1.3 in .csproj files, packages.config, packages.lock.json or the restored NuGet packages. Include transitive dependencies: IpMatcher is normally pulled in by WatsonWebserver rather than referenced directly.

Check Version:

Run in the project or solution directory. Windows:

dotnet list package --include-transitive | findstr /i "IpMatcher WatsonWebserver"

Linux/macOS:

dotnet list package --include-transitive | grep -i -E "IpMatcher|WatsonWebserver"

Verify Fix Applied:

Re-run the same command after updating and confirm every listed version is IpMatcher >=1.0.4.2 and WatsonWebserver >=4.1.4, including the transitive IpMatcher entry.

📡 Detection & Monitoring

Log Indicators:

  • Unusual IP addresses in access logs
  • Requests from unexpected IP ranges bypassing filters

Network Indicators:

  • Traffic from IP addresses that should be blocked by application logic

SIEM Query:

application="affected_app" AND action="allowed" AND NOT source_ip IN (allowed_ips)

(Pseudo-query; translate into your SIEM's syntax and substitute the application's configured allow-list for allowed_ips.)
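The same detection logic as the SIEM query above, run offline over a handful of constructed access-log lines, as an added C# example (not code from the affected packages; the log format, the `client=` and `action=` field names, and the `IpFilterAudit` type are assumptions of this example). It flags the two things worth alerting on: an "allowed" decision for a client outside the allow-list, and a client string that is not canonical dotted-decimal at all, which matters when the application takes the client address from a header rather than from the socket. The allow-list here is a set of individual hosts, as in the query; ranges would need a masked comparison instead of a set lookup.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Added example: offline audit of access-log lines for IP-filter bypasses.
// Not code from WatsonWebserver or IpMatcher; log format is assumed.
public static class IpFilterAudit
{
    // Constructed sample lines (not a real log). "client" is assumed to be the
    // address string the application applied its IP filter to.
    public static readonly string[] SampleLog =
    {
        "2021-06-01T10:00:01Z client=10.1.2.3 action=allowed path=/admin",
        "2021-06-01T10:00:02Z client=8.8.8.8 action=denied path=/admin",
        "2021-06-01T10:00:03Z client=0x0a.1.2.3 action=allowed path=/admin",
        "2021-06-01T10:00:04Z client=010.1.2.3 action=allowed path=/admin",
        "2021-06-01T10:00:05Z client=8.8.8.8 action=allowed path=/admin",
        "2021-06-01T10:00:06Z client=10.1.2.3 action=denied path=/admin",
        "2021-06-01T10:00:07Z server started",
    };

    private static readonly Regex Fields = new Regex(@"\bclient=(\S+)\s+action=(\w+)", RegexOptions.Compiled);

    // Canonical dotted-decimal IPv4: four octets 0-255, no leading zeros, no hex, no shorthand.
    private static readonly Regex Canonical = new Regex(
        @"^(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)$",
        RegexOptions.Compiled);

    public static List<string> FindAnomalies(IEnumerable<string> lines, ISet<string> allowedIps)
    {
        var findings = new List<string>();
        foreach (string line in lines)
        {
            Match m = Fields.Match(line);
            if (!m.Success) continue;                         // line without a filter decision
            string client = m.Groups[1].Value;
            string action = m.Groups[2].Value;

            if (!Canonical.IsMatch(client))
                findings.Add($"non-canonical client string '{client}': {line}");
            else if (action == "allowed" && !allowedIps.Contains(client))
                findings.Add($"allowed but not in allow-list: {line}");
        }
        return findings;
    }

    public static void Main()
    {
        // Constructed allow-list matching the sample log above.
        var allowed = new HashSet<string> { "10.1.2.3", "10.1.2.4" };
        foreach (string finding in FindAnomalies(SampleLog, allowed))
            Console.WriteLine(finding);
    }
}
```

On the sample data this reports three lines: the two non-canonical client strings (`0x0a.1.2.3`, `010.1.2.3`) regardless of decision, and the `8.8.8.8` request that was allowed. Lines that were denied, or that match the allow-list, produce nothing. A non-canonical client string appearing in logs is itself worth an alert even when the decision was "denied", since it shows someone is probing the parser.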

🔗 References

  • IpMatcher fix commit: https://github.com/jchristn/IpMatcher/commit/81d77c2f33aa912dbd032b34b9e184fc6e041d89