CVE-2021-35391

7.2 HIGH

📋 TL;DR

This Server-Side Request Forgery (SSRF) vulnerability in Deskpro Support Desk allows attackers to craft malicious URLs that trick the server into making unauthorized requests to internal systems. Attackers can exploit this to execute arbitrary code on the server. All organizations running vulnerable versions of Deskpro Support Desk are affected.

💻 Affected Systems

Products:
  • Deskpro Support Desk
Versions: v2021.21.6 and earlier
Operating Systems: All platforms running Deskpro
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with the vulnerable version are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full server compromise leading to data theft, lateral movement within the network, and complete system control.

🟠

Likely Case

Unauthorized access to internal services, data exfiltration, and potential remote code execution.

🟢

If Mitigated

Limited to denial of service or information disclosure if network segmentation and proper controls exist.

🌐 Internet-Facing: HIGH - Web applications are directly accessible and SSRF can bypass firewalls.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit but require network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept exists and SSRF vulnerabilities are commonly weaponized for RCE.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2021.21.7 or later

Vendor Advisory: http://deskpro.com

Restart Required: Yes

Instructions:

1. Back up your Deskpro installation and database.
2. Download the latest version from Deskpro.
3. Follow Deskpro's upgrade documentation.
4. Restart the application server.

🔧 Temporary Workarounds

Network Segmentation

linux

Restrict outbound network access from the Deskpro server to only necessary services. The ACCEPT rules for the destinations Deskpro genuinely needs (license checks, mail, integrations) must come before the DROP rules; the address below is a placeholder.

# Allow only required outbound destinations (placeholder address), then drop all other outbound HTTP/HTTPS
iptables -A OUTPUT -p tcp -d <required-service-ip> --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j DROP
iptables -A OUTPUT -p tcp --dport 443 -j DROP

Input Validation

all

Implement strict URL validation to reject malicious patterns.

🧯 If You Can't Patch

  • Implement web application firewall rules to block SSRF patterns
  • Isolate the Deskpro server in a DMZ with restricted outbound access

🔍 How to Verify

Check if Vulnerable:

Check Deskpro version in admin panel or via 'composer show deskpro/deskpro' command.

Check Version:

php bin/console deskpro:version

Verify Fix Applied:

Verify version is v2021.21.7 or later and test SSRF payloads no longer work.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from Deskpro server
  • Requests to internal IP addresses or localhost

Network Indicators:

  • HTTP traffic from Deskpro server to unexpected internal services
  • Port scanning patterns originating from Deskpro

SIEM Query:

source="deskpro.logs" AND (url="*://127.0.0.1*" OR url="*://localhost*" OR url="*://192.168.*" OR url="*://10.*")
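Added example (Python, not Deskpro's or the vendor's code): a fail-closed SSRF destination check of the kind the Input Validation workaround above calls for, run over constructed log lines to show which targets the SIEM pattern above does not match (172.16.0.0/12, 169.254.0.0/16 cloud metadata, IPv6 loopback). The log format and the 93.184.216.34 address are constructed for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

def resolve_host(host):
    """Every address the host resolves to; [] when resolution fails."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except (socket.gaierror, UnicodeError):
        return []
    return [ipaddress.ip_address(info[4][0]) for info in infos]

def is_public_address(addr):
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so the IPv4 rules apply to it.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)

def is_blocked_target(url):
    """True when the server must not fetch this URL (fails closed on doubt)."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        return True
    addrs = resolve_host(parts.hostname)
    # Unresolvable host, or any resolved address that is not public -> block.
    # Judging resolved addresses rather than the hostname string also covers
    # "localhost"-style aliases and alternate numeric encodings of an address.
    return not addrs or not all(is_public_address(a) for a in addrs)

# Constructed sample log lines (not real Deskpro output). Entries 2-4 fall
# outside the 127.0.0.1 / localhost / 192.168 / 10 patterns of the SIEM query.
SAMPLE_LOG = """\
2021-07-20T10:01:02Z deskpro fetch url=https://93.184.216.34/feed
2021-07-20T10:01:09Z deskpro fetch url=http://172.16.5.5:8080/admin
2021-07-20T10:01:15Z deskpro fetch url=http://169.254.169.254/latest/meta-data/
2021-07-20T10:01:21Z deskpro fetch url=http://[::1]:6379/
"""

def flag_log(log_text):
    """Return the url= values in the log that point at non-public targets."""
    flagged = []
    for line in log_text.splitlines():
        for tok in line.split():
            if tok.startswith("url=") and is_blocked_target(tok[4:]):
                flagged.append(tok[4:])
    return flagged
```

A validate-then-fetch split can still be defeated by a DNS answer that changes between the check and the connect, so a production guard should pin the HTTP client to the validated address or re-run the check on every connect and redirect.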
