CVE-2021-47703
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: VulnCheck

Description
OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2025-12-09
Generated
2026-06-16
AI Q&A
2025-12-09
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47703
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openbmcs openbmcs 2.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an unauthenticated Server-Side Request Forgery (SSRF) in OpenBMCS 2.4. It allows attackers to bypass firewalls and perform service and network enumeration on the internal network by making the application send HTTP requests to arbitrary external domains specified in the 'ip' parameter. This can also lead to hijacking of current sessions.

Impact Analysis

The vulnerability can impact you by allowing attackers to bypass network defenses such as firewalls, gather information about internal services and networks, and potentially hijack active sessions. This can lead to unauthorized access, data exposure, and further exploitation within your internal network.

Detection Guidance

This vulnerability can be detected by monitoring for unusual HTTP POST requests to the /php/query.php endpoint with the 'ip' parameter containing external domains. A practical detection method is to capture and analyze HTTP traffic for such requests. For example, using curl to test the vulnerability: curl -X POST -d "ip=http://attacker.com" http://<target>/php/query.php. Network monitoring tools can also be used to detect outbound HTTP requests initiated by the application to unexpected external hosts. Additionally, reviewing server logs for POST requests to /php/query.php with suspicious 'ip' parameter values can help identify exploitation attempts. [1, 3, 4]

Mitigation Strategies

Immediate mitigation steps include restricting or validating the 'ip' parameter input in the /php/query.php endpoint to prevent arbitrary external requests. Applying input validation to ensure only allowed internal IP addresses or domains are accepted can block exploitation. If a patch or update is available from the vendor, applying it promptly is recommended. Additionally, implementing network-level controls such as firewall rules to restrict outbound HTTP requests from the OpenBMCS server to untrusted external hosts can reduce risk. Monitoring and blocking suspicious traffic related to this vulnerability is also advised. [1, 4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47703. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart