Description

Introduction to Components

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from the application logic (PHP). This is important in collaborative projects or where the application programmer and the template designer are not the same person.

Summary

The Sangfor Security Team has verified the Smarty sandbox escape vulnerability CVE-2021-26119, classified as critical.

CVE-2021-26119 allows a sandbox escape because $smarty.template_object can be accessed in sandbox mode. The flaw lies in the template code that the engine compiles and generates with Smarty_Internal_Runtime_TplFunction. An attacker who has permission to supply or edit template content can construct malicious input that escapes the sandbox and ultimately leads to remote code execution.

Reproduction

CVE-2021-26119

The Sangfor Security Team set up an environment running Smarty 3.1.38 and successfully reproduced this vulnerability, as follows:

Impact

Smarty is a well-known template engine written in PHP; its website receives tens of thousands of unique visitors daily.

Affected Versions:

Smarty 3.1.38 and earlier versions

Timeline

Feb 18, 2021 Sangfor FarSight Labs detected that Smarty released a security patch.
Feb 25, 2021 Sangfor FarSight Labs reproduced this vulnerability successfully and released solutions.

Learn More

Sangfor FarSight Labs researches the latest and unknown zero-day vulnerabilities and threats, alerting customers to vulnerabilities that can pose threats to their organizations, and providing solutions as soon as possible with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyberthreats so our customers can be protected from them as quickly as possible.

Remediation Solution

Smarty has released a new version that fixes this vulnerability. Please download it from the following link: https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md
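To confirm whether a deployment falls in the affected range (3.1.38 and earlier) and whether any template already references the $smarty.template_object value the advisory identifies, the following script is an added example that is not part of this advisory or of the Smarty project. It assumes the Smarty 3.x convention of declaring the version as a `const SMARTY_VERSION = '...'` line in Smarty.class.php, treats 3.1.39 as the first fixed release, and scans `.tpl` files for the literal indicator; the sample class file and template below are constructed for illustration.

```python
import re
from pathlib import Path

# Assumption: 3.1.39 is the first fixed release (advisory: 3.1.38 and earlier affected).
FIXED_VERSION = (3, 1, 39)
# Sandbox-reachable object named in the advisory; its presence in a user-editable
# template is an indicator worth reviewing, not proof of exploitation.
INDICATOR = "$smarty.template_object"

# Assumption: Smarty 3.x declares its version as  const SMARTY_VERSION = '3.1.38';
VERSION_RE = re.compile(r"const\s+SMARTY_VERSION\s*=\s*'([0-9]+(?:\.[0-9]+)*)'")


def parse_version(source):
    """Return the SMARTY_VERSION from Smarty.class.php source as an int tuple, or None."""
    m = VERSION_RE.search(source)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(version):
    """True when the parsed version is older than the first fixed release."""
    return version is not None and version < FIXED_VERSION


def find_indicators(template_text):
    """Return (line_number, stripped_line) for every template line naming the indicator."""
    return [
        (n, line.strip())
        for n, line in enumerate(template_text.splitlines(), 1)
        if INDICATOR in line
    ]


def scan(root):
    """Walk a deployment directory: read the Smarty version and flag template references."""
    root = Path(root)
    result = {"version": None, "affected": False, "hits": []}
    for cls in root.rglob("Smarty.class.php"):
        result["version"] = parse_version(cls.read_text(errors="replace"))
        result["affected"] = is_affected(result["version"])
        break  # one library copy is enough to classify the deployment
    for tpl in root.rglob("*.tpl"):
        for n, line in find_indicators(tpl.read_text(errors="replace")):
            result["hits"].append((str(tpl), n, line))
    return result


# Constructed sample inputs (not taken from the advisory or from Smarty).
SAMPLE_CLASS = (
    "<?php\n"
    "class Smarty extends Smarty_Internal_TemplateBase\n"
    "{\n"
    "    const SMARTY_VERSION = '3.1.38';\n"
    "}\n"
)
SAMPLE_TPL = (
    "{* user-editable template *}\n"
    "Hello {$name}\n"
    "{$smarty.template_object->foo}\n"
)

if __name__ == "__main__":
    version = parse_version(SAMPLE_CLASS)
    print("Smarty version:", ".".join(map(str, version)), "affected:", is_affected(version))
    for n, line in find_indicators(SAMPLE_TPL):
        print(f"indicator at line {n}: {line}")
```

Run `scan("/path/to/app")` against a real tree to get both findings at once; a hit in a template that untrusted users can edit on an affected version is the case to prioritise for the upgrade.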

Sangfor Solution

  1. For Sangfor NGAF customers, click Update on Security Capability Update.
  2. Sangfor Cloud WAF has automatically updated its database in the cloud. Users are already protected from this vulnerability without any additional operation required.
  3. Sangfor Cyber Command detects attacks which exploit this vulnerability and can alert users in real time. Users can integrate Cyber Command with NGAF to block an attacker's IP address.
  4. Sangfor SOC has Sangfor security specialists available 24/7 to help you resolve any security issues. After rule update release, Sangfor security experts check and update the customer's vulnerability detection equipment and perform a vulnerability scan of the customer's network environment to ensure that the customer's host is free from this vulnerability. For users with vulnerabilities, the SOC regularly reviews and updates device policies to ensure protection against this vulnerability.
