CVE-2021-47718

7.5 HIGH

📋 TL;DR

OpenBMCS 2.4 contains an unauthenticated directory listing vulnerability that allows attackers to browse sensitive directories and access configuration files, database credentials, and system information. This affects all systems running OpenBMCS 2.4 with default configurations. The vulnerability enables information disclosure without requiring authentication.

💻 Affected Systems

Products:
  • OpenBMCS
Versions: 2.4
Operating Systems: All platforms running OpenBMCS
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation of OpenBMCS 2.4. Directory listing functionality is enabled by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers obtain database credentials and configuration files, leading to full system compromise, data exfiltration, or lateral movement within the network.

🟠 Likely Case

Attackers discover sensitive system information and configuration details that can be used for further attacks or reconnaissance.

🟢 If Mitigated

Limited exposure with only non-sensitive directory contents accessible, though still revealing system structure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only web browser access to vulnerable directories. Public exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://www.openbmcs.com

Restart Required: No

Instructions:

1. Check OpenBMCS website for security updates
2. Upgrade to a patched version if available
3. Apply workarounds if patch is not available

🔧 Temporary Workarounds

Disable Directory Listing (all platforms)

Configure web server to disable directory listing for sensitive paths

# For Apache: Add 'Options -Indexes' to .htaccess or virtual host config
# For Nginx: Add 'autoindex off;' to server block

Restrict Access to Sensitive Directories (all platforms)

Implement access controls to block unauthenticated access to /debug/ and /php/ directories

# Apache example:
<Directory /path/to/debug>
    Require all denied
</Directory>

🧯 If You Can't Patch

  • Implement network segmentation to isolate OpenBMCS systems from critical assets
  • Deploy web application firewall (WAF) rules to block directory traversal attempts

🔍 How to Verify

Check if Vulnerable:

Access http://[openbmcs-host]/debug/ or http://[openbmcs-host]/php/ in a web browser. If directory contents are visible, the system is vulnerable.

Check Version:

Check OpenBMCS web interface or configuration files for version information

Verify Fix Applied:

Attempt to access the same URLs after applying fixes. You should receive '403 Forbidden' or similar error instead of directory listing.

📡 Detection & Monitoring

Log Indicators:

  • Multiple 200 OK responses to directory paths like /debug/, /php/
  • Unusual access patterns to sensitive directories

Network Indicators:

  • HTTP GET requests to /debug/ and /php/ directories from untrusted sources

SIEM Query:

source="web_server_logs" AND (uri_path="/debug/" OR uri_path="/php/") AND status=200
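
The same log indicator can be checked offline against a web server access log. The script below is an added example, not code from the vendor or from the original advisory; it assumes Common/Combined Log Format, and the sample lines and IP addresses are constructed. Unlike an exact match on the URI, it also catches requests that carry a query string or duplicate slashes.

```python
import re
from collections import Counter

# Paths named in the advisory as exposing directory listings.
SENSITIVE_PREFIXES = ("/debug/", "/php/")

# Common/Combined Log Format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_listing_hit(line):
    """Return the client IP if the line is a 200 response to a directory
    URL under a sensitive prefix, otherwise None."""
    m = LOG_RE.match(line)
    if not m or m["status"] != "200" or m["method"] not in ("GET", "HEAD"):
        return None
    # Drop the query string and normalise case before matching.
    path = m["target"].split("?", 1)[0].lower()
    # Collapse duplicate slashes so //debug// is not missed.
    path = re.sub(r"/{2,}", "/", path)
    # A trailing slash means the directory itself was requested, which is
    # what returns an index when listing is enabled.
    if path.endswith("/") and path.startswith(SENSITIVE_PREFIXES):
        return m["ip"]
    return None

def summarize(lines):
    """Count directory-listing responses per client IP."""
    return Counter(ip for ip in map(is_listing_hit, lines) if ip)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [10/Jan/2024:10:00:01 +0000] "GET /debug/ HTTP/1.1" 200 1532 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Jan/2024:10:00:02 +0000] "GET /php/?C=M;O=D HTTP/1.1" 200 2210 "-" "curl/8.0"',
    '203.0.113.9 - - [10/Jan/2024:10:05:00 +0000] "GET /debug/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Jan/2024:10:06:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Jan/2024:10:07:00 +0000] "GET //DEBUG/ HTTP/1.1" 200 1532 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, hits in summarize(SAMPLE).most_common():
        print(f"{ip}: {hits} directory-listing response(s)")
```

After the workarounds are applied, the same requests should appear in the log with status 403 and the script should report nothing for them.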
