Vulnerability Details CVE-2021-29416
An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious request, it can be manipulated into issuing a request that does not respect its upstream proxy configuration. This could leak NetNTLM hashes on Windows systems that fail to block outbound SMB.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.9%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
Products affected by CVE-2021-29416
-
cpe:2.3:a:portswigger:burp_suite:-
-
cpe:2.3:a:portswigger:burp_suite:1.7.32
-
cpe:2.3:a:portswigger:burp_suite:1.7.33
-
cpe:2.3:a:portswigger:burp_suite:2020.11
-
cpe:2.3:a:portswigger:burp_suite:2020.11.1
-
cpe:2.3:a:portswigger:burp_suite:2020.11.2
-
cpe:2.3:a:portswigger:burp_suite:2020.11.3
-
cpe:2.3:a:portswigger:burp_suite:2020.12
-
cpe:2.3:a:portswigger:burp_suite:2020.12.1
-
cpe:2.3:a:portswigger:burp_suite:2020.7
-
cpe:2.3:a:portswigger:burp_suite:2020.8
-
cpe:2.3:a:portswigger:burp_suite:2020.8.1
-
cpe:2.3:a:portswigger:burp_suite:2020.9
-
cpe:2.3:a:portswigger:burp_suite:2020.9.1
-
cpe:2.3:a:portswigger:burp_suite:2020.9.2