CVE-2021-40371
📋 TL;DR
This vulnerability allows attackers to perform directory traversal attacks in Gridpro Request Management for Windows Azure Pack, potentially leading to remote code execution. By manipulating the scriptName JSON parameter with sequences like ..\, attackers can access files outside the intended directory. This affects all users running vulnerable versions of this software.
💻 Affected Systems
- Gridpro Request Management for Windows Azure Pack
📦 What is this software?
Request Management by Gridprosoftware
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with administrative privileges, data exfiltration, and persistent backdoor installation.
Likely Case
Unauthorized file access, sensitive information disclosure, and potential code execution on the affected server.
If Mitigated
Limited impact with proper input validation and file system restrictions in place.
🎯 Exploit Status
Proof-of-concept exploit code is publicly available and demonstrates simple directory traversal.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.7912
Vendor Advisory: https://www.gridprosoftware.com/products/requestmanagement/
Restart Required: Yes
Instructions:
1. Download version 2.0.7912 or later from Gridpro Software.
2. Back up the current installation.
3. Install the updated version.
4. Restart the application/service.
🔧 Temporary Workarounds
Input Validation Filter
Implement input validation that rejects path traversal sequences in the scriptName parameter.
Example filter (C#-style pseudocode): if (input.Contains("..\\") || input.Contains("../")) { reject the request; }
Web Application Firewall Rule
Block requests containing directory traversal patterns.
WAF rule: deny requests whose payload contains "..\\" or "../" in JSON parameters.
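An added example (not Gridpro's code or the official fix) that contrasts the substring filter above with a canonicalising check which resolves scriptName under a scripts directory and rejects anything that escapes it, including percent-encoded variants the literal filter does not see. The scripts directory, the script name and the assumption that the application joins scriptName onto such a directory are constructed for illustration:

```python
from pathlib import PureWindowsPath
from urllib.parse import unquote

# Hypothetical scripts directory; the advisory does not state where
# Request Management resolves scriptName, so this is an assumption.
SCRIPT_ROOT = PureWindowsPath(r"C:\inetpub\RequestManagement\Scripts")


def literal_filter(script_name: str) -> bool:
    """The substring check from the workaround: True if the value passes."""
    return "..\\" not in script_name and "../" not in script_name


def safe_script_path(script_name: str):
    """Return the path inside SCRIPT_ROOT for a valid script name, or None.

    Percent-decodes twice (to catch double encoding) and normalises the
    '..' segments under Windows path rules via PureWindowsPath, so the
    check behaves the same regardless of the host the code runs on.
    """
    decoded = unquote(unquote(script_name))
    candidate = PureWindowsPath(decoded)
    # Drive letters, rooted paths and UNC shares are never valid script names.
    if candidate.is_absolute() or candidate.drive or candidate.root:
        return None
    parts = []
    for part in candidate.parts:
        if part == ".":
            continue
        if part == "..":
            if not parts:
                return None  # would climb above SCRIPT_ROOT
            parts.pop()
        else:
            parts.append(part)
    if not parts:
        return None  # empty name resolves to the directory itself
    return SCRIPT_ROOT.joinpath(*parts)
```

The literal filter accepts a percent-encoded payload such as ..%5c..%5cwindows%5cwin.ini, while the canonicalising check rejects it after decoding.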
🧯 If You Can't Patch
- Isolate the vulnerable system from internet access and restrict internal network access
- Implement strict network segmentation and monitor for suspicious file access patterns
🔍 How to Verify
Check if Vulnerable:
Check if version is below 2.0.7912 and test the ServiceManagerTenant/GetVisibilityMap endpoint with traversal payloads
Check Version:
Check application version in control panel or via application interface
Verify Fix Applied:
Verify installation of version 2.0.7912 or later and test that traversal payloads are rejected
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to ServiceManagerTenant/GetVisibilityMap with ..\ sequences in parameters
- Unusual file access patterns from web application process
Network Indicators:
- HTTP POST requests containing directory traversal patterns in JSON payloads
SIEM Query:
source="web_logs" AND uri="*ServiceManagerTenant/GetVisibilityMap*" AND (payload="*..\\*" OR payload="*../*")
🔗 References
- http://packetstormsecurity.com/files/164621/GridPro-Request-Management-For-Windows-Azure-Pack-2.0.7905-Directory-Traversal.html
- http://seclists.org/fulldisclosure/2021/Oct/33
- https://www.gridprosoftware.com/products/requestmanagement/