CVE-2021-2177
Published 2021-04-22
Priority P2 · 61 · critical · 10 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 2.50% (82.7th percentile)
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. While the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | secure_global_desktop | — | — |
| oracle_corporation | secure_global_desktop | — | — |
Detection & IOCs (extracted from sources)
- The vulnerability affects Oracle Secure Global Desktop version 5.6, specifically the Gateway component. Detection should focus on unauthenticated network-level exploitation attempts against SGD Gateway services.
- The vulnerability is exploitable via multiple protocols over the network without authentication, and successful exploitation results in full takeover. Monitor for anomalous unauthenticated sessions or unexpected process execution originating from the SGD Gateway component.
- This vulnerability carries a CVSS score of 10.0 and is remotely exploitable. Prioritize alerting on any external/unauthenticated access to Oracle SGD Gateway endpoints.
- The vulnerability is scoped to Oracle Secure Global Desktop version 5.6 only. Other versions are not listed as affected.
- Attacks may have a scope change impact, meaning successful exploitation of SGD can significantly impact additional products beyond the vulnerable component itself.
CVSS provenance
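| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_oracle | — | 10.0 | CRITICAL | — |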
GHSA
GHSA-ghxq-v22h-xwfg: Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway)
ghsa_unreviewed·2022-05-24
CVE-2021-2177 [CRITICAL] GHSA-ghxq-v22h-xwfg: Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway)
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Secure Global Desktop. While the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
Oracle
Oracle Oracle Virtualization Risk Matrix: Gateway — CVE-2021-2177
vendor_oracle·2021-04-15·CVSS 10.0
CVE-2021-2177 [CRITICAL] Oracle Oracle Virtualization Risk Matrix: Gateway — CVE-2021-2177
Oracle Oracle Virtualization Risk Matrix: Gateway vulnerability
CVE: CVE-2021-2177
CVSS: 10.0
Protocol: Multiple
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2021 (APR 2021)
No detection rules found.
No public exploits indexed.
Published: 2021-04-22