CVE-2021-36231

8.8 HIGH

📋 TL;DR

CVE-2021-36231 is a deserialization vulnerability in MIK.starlight 7.9.5.24363 that allows authenticated remote attackers to execute arbitrary operating system commands by sending crafted serialized objects. This affects systems running the vulnerable version of MIK.starlight software with authenticated user access.

💻 Affected Systems

Products:
  • MIK.starlight
Versions: 7.9.5.24363
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the application. All deployments of the affected version are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining root/system-level access, deploying ransomware, or establishing persistent backdoors.

🟠 Likely Case

Attacker executes commands with application service account privileges, potentially accessing sensitive data or moving laterally within the network.

🟢 If Mitigated

Attack contained to isolated application environment with minimal privileges and no critical data access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but uses publicly documented deserialization techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.9.6 or later

Vendor Advisory: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-035.txt

Restart Required: Yes

Instructions:

1. Download the latest version from the vendor.
2. Back up the current installation.
3. Install the update following vendor documentation.
4. Restart application services.

🔧 Temporary Workarounds

Network Segmentation

Applies to: all

Restrict network access to MIK.starlight to only trusted IP addresses

Application Firewall Rules

Applies to: all

Implement WAF rules to block serialized object patterns in requests

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems
  • Apply principle of least privilege to application service accounts

🔍 How to Verify

Check if Vulnerable:

Check application version in admin interface or configuration files for 7.9.5.24363

Check Version:

Check application web interface or consult vendor documentation

Verify Fix Applied:

Verify version is 7.9.6 or higher in application interface

📡 Detection & Monitoring

Log Indicators:

  • Unusual serialization/deserialization errors
  • Suspicious command execution patterns in application logs
  • Authentication from unusual locations

Network Indicators:

  • Serialized Java objects in HTTP requests
  • Outbound connections from application server to unknown destinations

SIEM Query:

source="MIK.starlight" AND (error="deserialization" OR cmd="*" OR process="cmd.exe")
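A small detector that applies the log and network indicators above to sample lines, as an added example that is not the page's own material and not vendor code. The key=value log format, field names, sample lines and the trusted-network allowlist are constructed assumptions; the serialized-object markers are the generic base64 headers of Java serialization and .NET BinaryFormatter streams, not anything the advisory identifies. It also URL-decodes request data before matching, since the `/` characters in base64 are commonly sent as `%2F`.

```python
"""Scan application log lines for the indicators listed under Detection & Monitoring.
Added example, not vendor code: the key=value log format, field names and sample
lines are constructed for illustration."""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Base64 prefixes of the headers of two common serialized-object formats, as they
# appear in HTTP parameters and bodies. Constructed lookup table; the advisory
# names no specific format, parameter or endpoint.
SERIALIZATION_MARKERS = {
    "java-serialized": "rO0AB",                # Java stream magic AC ED 00 05
    "dotnet-binaryformatter": "AAEAAAD/////",  # .NET BinaryFormatter record header
}

# Shell binaries a web application service should not normally spawn
SHELL_BINARIES = {"cmd.exe", "powershell.exe", "sh", "bash"}

# Constructed allowlist standing in for the "trusted IP addresses" of the workaround
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class Finding:
    line_no: int
    rule: str
    detail: str


def parse_kv(line: str) -> dict:
    """Parse a space-separated key=value log line; quoted values may contain spaces."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def is_trusted(ip: str) -> bool:
    """True when the address falls inside one of the trusted networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def scan_line(line_no: int, line: str) -> list:
    f = parse_kv(line)
    if f.get("source") != "MIK.starlight":  # same scope as the page's SIEM query
        return []
    findings = []

    # 1. Serialized object in a request. URL-decode first: '/' in base64 is
    #    commonly sent as %2F, which would otherwise hide the .NET marker.
    payload = unquote(f.get("query", "") + " " + f.get("body", ""))
    for fmt, prefix in SERIALIZATION_MARKERS.items():
        if prefix in payload:
            findings.append(Finding(line_no, "serialized-object-in-request", fmt))

    # 2. Deserialization errors thrown by the application
    if "deserializ" in f.get("error", "").lower():
        findings.append(Finding(line_no, "deserialization-error", f["error"]))

    # 3. A shell spawned by the application (the process="cmd.exe" clause of the SIEM query)
    proc = f.get("process", "")
    binary = re.split(r"[\\/]", proc)[-1].lower()
    if binary in SHELL_BINARIES:
        findings.append(Finding(line_no, "shell-spawned", proc))

    # 4. Authentication from an address outside the trusted networks
    if f.get("event") == "login" and "src" in f and not is_trusted(f["src"]):
        findings.append(Finding(line_no, "login-from-untrusted-address", f["src"]))
    return findings


def scan_log(lines) -> list:
    out = []
    for n, line in enumerate(lines, 1):
        out.extend(scan_line(n, line))
    return out


# Constructed sample log lines (not real MIK.starlight output)
SAMPLE_LOG = [
    'source="MIK.starlight" event=login user=alice src=10.20.3.7',
    'source="MIK.starlight" event=login user=alice src=203.0.113.45',
    'source="MIK.starlight" event=request user=alice path=/api/import body="AAEAAAD%2F%2F%2F%2F%2FAQAAAA"',
    'source="MIK.starlight" event=error error="Deserialization of type X failed"',
    'source="MIK.starlight" event=process process="C:\\Windows\\System32\\cmd.exe" parent="app_service.exe"',
    'source="other-app" event=request body="rO0ABXNyAA"',
    'source="MIK.starlight" event=request user=bob path=/api/status query="page=1"',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"line {finding.line_no}: {finding.rule} ({finding.detail})")
```

Running the block on the constructed sample reports the untrusted login, the .NET-style payload, the deserialization error and the spawned shell, and skips the other-app line because the query scopes to the MIK.starlight source. Rule 1 is a signature check, so a payload encoded or compressed before transmission will not match it; the process and error rules are the more robust of the four.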
