cbcvebase.
CVE-2021-44207
published 2021-12-21

CVE-2021-44207: Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials.

PriorityP181high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2025-01-13
Exploited in the wild
EPSS
17.58%
96.8th percentile
Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials.

Affected

1 ranges
VendorProductVersion rangeFixed in
acclaimsystemsusaherds<= 7.4.0.1

Detection & IOCsextracted from sources · hover to see the quote

  • The hard-coded credentials vulnerability in USAHERDS can be leveraged to achieve remote code execution; defenders should monitor for unexpected RCE activity on systems running USAHERDS (through version 7.4.0.1)
  • Exploitation of this CVE requires the attacker to also obtain the ASP.NET MachineKey, likely via a separate vulnerability or out-of-band channel; monitor for reconnaissance or information-disclosure activity targeting the MachineKey on USAHERDS hosts
  • ·Exploitation is a two-step process: the hard-coded credentials alone are insufficient — the ASP.NET MachineKey must also be obtained through a separate vulnerability or channel before RCE is achievable
  • ·Affected versions are USAHERDS through 7.4.0.1; versions beyond this boundary are not confirmed vulnerable by the available sources

CVSS provenance

nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vulncheck8.1HIGH
cisa8.1HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.