⚠ Actively exploited

Added to CISA KEV on 2022-01-18. Federal agencies required to patch by 2022-02-01. Required action: Apply updates per vendor instructions..

CVE-2021-32648 — Improper Authentication in October

CWE-287 — Improper Authentication14 documents9 sources

Severity

9.1CRITICALNVD

VulnCheck8.2

EPSS

93.0%

top 0.21%

CISA KEV

KEV

Added 2022-01-18

Due 2022-02-01

Exploit

Exploited in wild

Active exploitation observed

Affected products

Octobercms October October System

Timeline

PublishedAug 26

KEV addedJan 18

Latest updateJan 20

KEV dueFeb 1

CISA Required Action: Apply updates per vendor instructions.

Description

octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

▶Packagistoctober/system1.1.1 — 1.1.5+1

▶NVDoctobercms/october1.1.1 — 1.1.5+1

▶CVEListV5octobercms/october>= 1.0.471, < 1.0.472, >= 1.1.1, < 1.1.5+1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

October CMS auth bypass and account takeover↗2021-08-30

▶

OSV

October CMS auth bypass and account takeover↗2021-08-30

▶

OSV

Account Takeover in Octobercms↗2021-08-30

▶

GHSA

Account Takeover in Octobercms↗2021-08-30

▶

VulnCheck

October CMS Improper Authentication↗2021

▶

💥Exploits & PoCs

Nuclei

OctoberCMS - Account Takeover

▶

🔍Detection Rules

Suricata

ET EXPLOIT OctoberCMS Auth Bypass Inbound M2 set_password (CVE-2021-32648)↗2022-01-18

▶

Suricata

ET EXPLOIT OctoberCMS Auth Bypass Inbound M1 trigger_reset (CVE-2021-32648)↗2022-01-18

▶

📋Vendor Advisories

CISA

October CMS Improper Authentication↗2022-01-18

▶

🕵️Threat Intelligence

Unit42

Threat Brief: Ongoing Russia and Ukraine Cyber Activity↗2022-01-20

▶

Unit42

Threat Brief: Ongoing Russia and Ukraine Cyber Activity↗2022-01-20

▶

Greynoiseio

NoiseLetter March 2026↗

▶

Greynoiseio

Malicious Tag Roundup (January 2022)↗

▶