
Apache Cassandra - Remote Code Execution CVE-2021-44521

Severity
CVSSv3 Score: 9.1
Vulnerability description

Apache Cassandra server is vulnerable to CVE-2021-44521, a Remote Code Execution vulnerability. The root cause is an improper configuration of the Cassandra engine that allows an unauthenticated user to write a function that can execute code on the Cassandra server.

Risk description

An unauthenticated remote attacker could leverage the Remote Code Execution vulnerability to gain full control of the Cassandra server, where they could steal confidential information, install ransomware, or pivot to the internal network.

Exploit capabilities

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Recommendation

Update the Apache Cassandra server to the latest version.
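
Because the description attributes the flaw to configuration, a configuration check is useful alongside the update. The following is an added example, not code from this page or from the Apache project: it audits the text of a cassandra.yaml for the user-defined-function settings associated with this CVE. The pre-4.1 setting names and defaults, the EXPOSED/REVIEW/OK grading and the sample configs are assumptions of this example, not taken from the page.

```python
import re

# cassandra.yaml UDF settings (pre-4.1 names) with their shipped defaults.
# Assumption of this example: the page does not list them.
DEFAULTS = {
    "enable_user_defined_functions": False,
    "enable_scripted_user_defined_functions": False,
    "enable_user_defined_functions_threads": True,
}

# Top-level "key: value" line, optional trailing comment; commented-out
# and indented lines do not match and therefore leave the default in place.
_LINE = re.compile(r"^([A-Za-z_]+)\s*:\s*([^#]*?)\s*(?:#.*)?$")

def read_udf_settings(yaml_text):
    """Return the three UDF booleans; keys that are absent keep defaults."""
    settings = dict(DEFAULTS)
    for line in yaml_text.splitlines():
        m = _LINE.match(line)
        if m and m.group(1) in settings:
            value = m.group(2).strip("'\"").lower()
            if value in ("true", "false"):
                settings[m.group(1)] = value == "true"
    return settings

def audit(yaml_text):
    """Grade a config: EXPOSED, REVIEW or OK (this example's own labels)."""
    s = read_udf_settings(yaml_text)
    if not s["enable_user_defined_functions"]:
        return "OK"  # no user-defined functions can be created
    if (s["enable_scripted_user_defined_functions"]
            and not s["enable_user_defined_functions_threads"]):
        return "EXPOSED"  # the combination tied to CVE-2021-44521
    return "REVIEW"  # UDFs enabled: check who may create functions

# Constructed sample configs, not captured from a real cluster.
RISKY = """\
cluster_name: 'Test Cluster'
enable_user_defined_functions: true
enable_scripted_user_defined_functions: true
enable_user_defined_functions_threads: false  # often set for performance
"""
HARDENED = """\
cluster_name: 'Test Cluster'
# enable_user_defined_functions: true
enable_user_defined_functions_threads: true
"""

if __name__ == "__main__":
    for name, cfg in (("risky", RISKY), ("hardened", HARDENED)):
        print(name, audit(cfg))
```

An EXPOSED result means the node should be updated and the three settings returned to their defaults unless user-defined functions are actually required.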

Codename: Not available
Detectable with: Network Scanner
Scan engine: Sniper
Exploitable with Sniper: Yes
CVE Published: Feb 11, 2022
Detection added at:
Software Type: database
Vendor: Apache
Product: Cassandra