CVE-2021-3456

HIGH

Foreman smart_proxy_salt < 2.1.5 - Authenticated Incorrect Authorization

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-3456. PoCs published by mrk336.

AI-analyzed exploit summary This repository provides a detailed technical writeup of an attack chain involving a malicious PDF, PowerShell execution, SMB pivoting, and a Python reverse shell. It includes code snippets and defensive strategies but lacks a complete functional exploit.

Description

An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.

Exploits (1)

nomisec WRITEUP 1 stars
by mrk336 · poc
https://github.com/mrk336/CVE-2021-3456

This repository provides a detailed technical writeup of an attack chain involving a malicious PDF, PowerShell execution, SMB pivoting, and a Python reverse shell. It includes code snippets and defensive strategies but lacks a complete functional exploit.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Windows (PDF reader, PowerShell, SMB)
No auth needed
Prerequisites: Victim interaction to open PDF · Network access to attacker-controlled endpoints · Outbound SMB connectivity
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1941001

Scores

CVSS v3 7.1
EPSS 0.0019
EPSS Percentile 9.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Details

CWE
CWE-863
Status published
Products (1)
theforeman/smart_proxy_salt < 2.1.5
Published Mar 30, 2022
Tracked Since Feb 18, 2026