Is CVE-2021-45785 actively exploited?

CVE-2021-45785 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2021-45785?

CVE-2021-45785 has a CVSS score of 6.5 (MEDIUM severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H.

How do I patch CVE-2021-45785?

Patch guidance is available from trudesk project security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2021-45785.

Which products are affected by CVE-2021-45785?

1 product: trudesk project trudesk.

CVE-2021-45785 - remediation guidance & executive summary

Description

TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the victim (who has sufficient privileges), would visit the page and the server restart would begin. The attacker must know the full URL that TruDesk is on in order to craft the webpage.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: required
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Weaknesses: CWE-352 · Cross-Site Request Forgery CWE-352 · Cross-Site Request Forgery

Metadata

Primary Vendor: TRUDESK_PROJECT
Published: 6/24/2024
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

trudesk_project : trudesk

Remediation Guidance

Executive Summary

Cite this page

CVE-2021-45785. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2021-45785

View on NIST NVD

CVE-2021-45785 vulnerability