CVE-2021-43397

8.8 HIGH

📋 TL;DR

CVE-2021-43397 is a privilege escalation vulnerability in LiquidFiles that allows authenticated users with Admin or User Admin privileges to elevate their permissions to Sysadmin level. This affects LiquidFiles installations before version 3.6.3. Attackers with existing administrative access can gain full system control.

💻 Affected Systems

Products:
  • LiquidFiles
Versions: All versions before 3.6.3
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access with Admin or User Admin privileges. Default installations are vulnerable if running affected versions.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise where an attacker gains Sysadmin privileges, allowing them to access all data, modify system configurations, create new admin accounts, and potentially execute arbitrary code.

🟠

Likely Case

Unauthorized privilege escalation from lower administrative roles to full Sysadmin access, enabling data exfiltration, system configuration changes, and persistence mechanisms.

🟢

If Mitigated

Limited impact if proper access controls, network segmentation, and monitoring are in place to detect privilege escalation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details and proof-of-concept code are publicly available. Requires existing administrative credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.6.3

Vendor Advisory: https://man.liquidfiles.com/release_notes/version_3-6-x.html

Restart Required: Yes

Instructions:

1. Back up your LiquidFiles configuration and data.
2. Download LiquidFiles version 3.6.3 or later from the official vendor site.
3. Follow the upgrade instructions specific to your deployment method (appliance, virtual machine, or manual installation).
4. Restart the LiquidFiles service after upgrade completion.

🔧 Temporary Workarounds

Restrict Administrative Access

all

Limit the number of users with Admin or User Admin privileges to only those who absolutely need them.

Network Segmentation

all

Place LiquidFiles instances behind firewalls and restrict access to administrative interfaces to trusted IP addresses only.

🧯 If You Can't Patch

  • Implement strict access controls and monitor all administrative account activity for suspicious behavior.
  • Deploy network-based intrusion detection systems to monitor for privilege escalation attempts and anomalous administrative actions.

🔍 How to Verify

Check if Vulnerable:

Check the LiquidFiles web interface admin panel for the current version. If the version is below 3.6.3, the system is vulnerable.

Check Version:

curl -k https://<liquidfiles-server>/api/v4/system/version

Verify Fix Applied:

After upgrading, verify the version shows 3.6.3 or higher in the admin panel. Test that Admin users cannot escalate to Sysadmin privileges.
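The "below 3.6.3" check is easy to get wrong across several instances, because a plain string comparison ranks 3.10.0 below 3.6.3. The following is an added example, not code from this page or from LiquidFiles: it compares a version string component by component against the fixed release. The function names are hypothetical, and the input is assumed to be the dotted numeric version you read from the admin panel.

```shell
#!/bin/sh
# Added example: classify a LiquidFiles version string against the fixed
# release named on this page (3.6.3). Function names are hypothetical.
FIXED_VERSION="3.6.3"

# version_lt A B: succeed when dotted version A is strictly older than B.
# Components are compared as integers; missing components count as 0.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}          # leading component of each side
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                            # equal versions are not "older"
}

# classify_version VERSION: print vulnerable, patched or unknown.
classify_version() {
    cv_in=${1#v}                        # tolerate a leading "v"
    case $cv_in in
        ''|*[!0-9.]*|.*|*.|*..*)        # empty or not purely dotted digits
            echo unknown; return 0 ;;
    esac
    if version_lt "$cv_in" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo patched
    fi
}

# Constructed sample inputs, not taken from any real installation.
for sample in 3.6.2 3.6.3 3.10.0 v3.5.19 3.6 "3.6.x"; do
    printf '%-8s %s\n' "$sample" "$(classify_version "$sample")"
done
```

An "unknown" result means the string was not a dotted numeric version and should be checked by hand rather than treated as patched.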

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation attempts in application logs
  • Multiple failed then successful authentication attempts for admin accounts
  • Unexpected changes to user roles or permissions

Network Indicators:

  • Unusual API calls to privilege-related endpoints from non-standard IP addresses
  • Increased traffic to administrative interfaces

SIEM Query:

source="liquidfiles.log" AND ("privilege" OR "escalation" OR "sysadmin")
