Skip to content
Nuclei Templates

Pega Infinity - Authentication Bypass

ID: CVE-2021-27651

Severity: critical

Author: idealphase,daffainfo

Tags: cve2021,cve,pega,auth-bypass

Description

Section titled “Description”

Pega Infinity versions 8.2.1 through 8.5.2 contain an authentication bypass vulnerability because the password reset functionality for local accounts can be used to bypass local authentication checks.

YAML Source

Section titled “YAML Source”
id: CVE-2021-27651


info:
  name: Pega Infinity - Authentication Bypass
  author: idealphase,daffainfo
  severity: critical
  description: Pega Infinity versions 8.2.1 through 8.5.2 contain an authentication bypass vulnerability because the password reset functionality for local accounts can be used to bypass local authentication checks.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the Pega Infinity application.
  remediation: |
    Apply the necessary security patches or updates provided by Pega Infinity to mitigate the authentication bypass vulnerability (CVE-2021-27651).
  reference:
    - https://github.com/samwcyo/CVE-2021-27651-PoC/blob/main/RCE.md
    - https://nvd.nist.gov/vuln/detail/CVE-2021-27651
    - https://collaborate.pega.com/discussion/pega-security-advisory-a21-hotfix-matrix
    - https://github.com/nomi-sec/PoC-in-GitHub
    - https://github.com/orangmuda/CVE-2021-27651
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-27651
    cwe-id: CWE-287
    epss-score: 0.06797
    epss-percentile: 0.93865
    cpe: cpe:2.3:a:pega:infinity:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: pega
    product: infinity
  tags: cve2021,cve,pega,auth-bypass


http:
  - method: GET
    path:
      - "{{BaseURL}}/prweb/PRAuth/app/default/"


    host-redirects: true
    max-redirects: 2


    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - compare_versions(version, '< 8.5.2', '>= 8.2.1')


      - type: word
        part: body
        words:
          - 'Pega Infinity'


      - type: status
        status:
          - 200


    extractors:
      - type: regex
        name: version
        group: 1
        regex:
          - '(?m)<span>Pega ([0-9.]+)</span>'
        internal: true


      - type: regex
        group: 1
        regex:
          - '(?m)<span>Pega ([0-9.]+)</span>'
# digest: 4b0a00483046022100e77e70ce605b7d4be6824881ae2a8c0f6767c974b62ad5559aa285e935b3bbf1022100e71c0acb150f5ef6e435d4457ea4fbe31ace11a7aac9421b564d2ae61892bb98:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-27651.yaml"

View on Github