CVE-2021-45785

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jun 24, 2024

Updated: Jul 3, 2024

CWE ID 352

Summary

CVE-2021-45785 is a Cross-Site Request Forgery (CSRF) vulnerability affecting TruDesk Help Desk/Ticketing Solution version 1.1.11. An attacker can exploit this weakness to initiate a server restart, leading to a Denial of Service (DoS) attack. They must create a malicious webpage that prompts the victim, who holds sufficient privileges, to visit the page. This action inadvertently triggers a GET request to the /api/v1/admin/restart endpoint, initiating the server restart process. For a successful attack, the attacker needs to have knowledge of the TruDesk system's full URL.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wl5QUI
https://www.cve.org/CVERecord?id=CVE-2021-45785
https://nvd.nist.gov/vuln/detail/CVE-2021-45785

Back to Vulnerability Database

CVE-2021-45785

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations