CVE-2021-42237

CRITICAL KEV RANSOMWARE NUCLEI

Sitecore Experience Platform - Insecure Deserialization

Title source: rule

Description

Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.

Exploits (6)

nomisec WORKING POC 1 star
by vesperp · remote
https://github.com/vesperp/CVE-2021-42237-SiteCore-XP
nomisec SCANNER
by crankyyash · poc
https://github.com/crankyyash/SiteCore-RCE-Detection
metasploit WORKING POC EXCELLENT
by AssetNote, gwillcox-r7 · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/sitecore_xp_cve_2021_42237.rb
inthewild WORKING POC
poc
https://github.com/itsignacioportal/cve-2021-42237
inthewild WORKING POC
poc
https://github.com/pinkdev1/cve-2021-42237
vulncheck_xdb WORKING POC
remote
https://github.com/ItsIgnacioPortal/CVE-2021-42237

Nuclei Templates (1)

Sitecore Experience Platform Pre-Auth RCE
CRITICAL · by pdteam
Shodan: http.title:"SiteCore" || http.title:"sitecore"
FOFA: title="sitecore"

Scores

CVSS v3 9.8
EPSS 0.9437
EPSS Percentile 100.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2022-03-25
VulnCheck KEV 2022-03-25
InTheWild.io 2021-11-05
ENISA EUVD EUVD-2021-29215
Ransomware Use Confirmed

Classification

CWE
CWE-502
Status published

Affected Products (24)

sitecore/experience_platform (24 version-specific entries; version details not shown on this page)

Timeline

Published Nov 05, 2021
KEV Added Mar 25, 2022
Tracked Since Feb 18, 2026