CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.7%
Movable Type XMLRPC API provided by Six Apart Ltd. contains an OS command injection vulnerability (CWE-78).
Sending a specially crafted message by POST method to Movavle Type XMLRPC API may allow arbitrary OS command execution.
【Updated on 2021 November 10】
As of 2021 November 10, a Proof-of-Concept (PoC) code exploiting this vulnerability has already been made public and attacks exploting this vulnerability has been observed in the wild.
An arbitrary OS command may be executed by a remote attacker.
Update the Software
Apply the appropriate update according to the information provided by the developer.
The developer has released the following updates that contain a fix for this vulnerability:
Apply the workaround
If an update cannot be applied, applying the following workarounds to Movable Type configuration file mt-config.cgi
may mitigate the impact of this vulnerability.
mt-xmlrpc.cgi
only to trusted connection sourcemt-xmlrpc.cgi
or remove execute permission to mt-xmlrpc.cgi
RestrictedPSGIApp xmlrpc
to mt-config.cgi
XMLRPCScript
used in mt-config.cgi
mt-xmlrpc.cgi
only to trusted connection sourceXMLRPCScript
used in mt-config.cgi
For more information, refer to the information provided by the developer.
【Updated on 2021 December 16】
When this advisory was first published on 2021 October 20, the affected versions were described as “Movable Type 7 r.5002 and earlier (Movable Type 7 Series)”, “Movable Type 6.8.2 and earlier (Movable Type 6 Series)”, “Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series)”, “Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series)”, “Movable Type Premium 1.46 and earlier” and “Movable Type Premium Advanced 1.46 and earlier”. However, it was found that the fixes were not adequate, thus information under the section [Products Affected] was updated.
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.7%