CVE-2021-47701
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-17

Assigner: VulnCheck

Description
OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the update_user_permissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2025-12-17
Generated
2026-05-07
AI Q&A
2025-12-09
EPSS Evaluated
2026-05-05
NVD
CVE-2021-47701
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
openbmcs openbmcs 2.4
f5 openbmcs 2.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in OpenBMCS 2.4 allows an attacker with read-level access to escalate their privileges to an admin user by exploiting a flaw in the update_user_permissions.php script. The attacker can send a specially crafted HTTP POST request to PHP scripts located in the '/plugins/useradmin/' directory to manipulate user permissions.


How can this vulnerability impact me? :

The vulnerability can allow an attacker who initially has limited read access to gain administrative privileges. This could lead to unauthorized control over the system, potentially allowing the attacker to modify configurations, access sensitive data, or disrupt system operations.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for suspicious HTTP POST requests to the '/plugins/useradmin/' directory, specifically targeting scripts like 'getUserDetails.php', 'update_user_permissions.php', and 'create_user.php'. Commands to detect such activity could include using network monitoring tools or command-line utilities like curl to simulate or check for these POST requests. For example, you can use curl commands to test the endpoints: 1) Listing user permissions: curl -X POST -d 'user_id=<id>' http://<target>/plugins/useradmin/getUserDetails.php 2) Attempting privilege escalation: curl -X POST -d '<manipulated parameters>' http://<target>/plugins/useradmin/update_user_permissions.php 3) Attempting to create admin users: curl -X POST -d '<user details and permissions>' http://<target>/plugins/useradmin/create_user.php. Additionally, inspecting web server logs for POST requests to these scripts with unusual parameters can help detect exploitation attempts. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the '/plugins/useradmin/' directory and its PHP scripts to trusted users only, implementing proper authentication and authorization checks on these scripts, and monitoring for suspicious POST requests targeting these endpoints. If possible, apply any available patches or updates from the vendor addressing this vulnerability. Additionally, reviewing and tightening user permissions to prevent unauthorized privilege escalation and disabling or limiting the use of vulnerable scripts until a fix is applied can reduce risk. [1, 2, 3]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart