CVE-2021-29416

An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious request, it can be manipulated into issuing a request that does not respect its upstream proxy configuration. This could leak NetNTLM hashes on Windows systems that fail to block outbound SMB.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
portswiggerburp_suite
𝑥
< 2021.2
portswiggerburp_suite
𝑥
< 2021.2
𝑥
= Vulnerable software versions
References
https://hackerone.com/reports/1054382
https://portswigger.net/burp/releases/professional-community-2020-12?requestededition=professional
https://hackerone.com/reports/1054382
https://portswigger.net/burp/releases/professional-community-2020-12?requestededition=professional