Cythera Cyber Security

perfSONAR — Multiple Issues

A Server-Side Request Forgery (SSRF) vulnerability in the *host* header was identified, allowing attackers to probe internal network resources. Additionally, an arbitrary file read flaw could let an attacker search for specific content within system files.

Introduction

perfSONAR is a globally distributed network measurement toolkit that provides federated insight into end-to-end performance across data paths. Widely used across research and enterprise environments, perfSONAR enables open testing of critical network metrics through thousands of publicly accessible instances worldwide.

The Vulnerability

During a security review, Cythera discovered several vulnerabilities in perfSONAR (up to version 4.4.5), including a Server-Side Request Forgery (SSRF) and a local file read flaw. These issues could be exploited for user enumeration or further attacks against internal network components. The advisory outlines technical findings and potential risk implications of these vulnerabilities.

What is perfSONAR?

perfSONAR is a network measurement toolkit that uses a component called pScheduler to manage and execute various types of performance tests. Users can schedule tests through either the command-line interface or the pScheduler API.

Arbitrary File Read Vulnerability – CVE-2022-45213

About the http Test Type

Among the supported test types in pScheduler is http, which is typically used to measure HTTP response times. Normally, this test connects to a specified URL and retrieves connection metadata without exposing the full HTTP response.

Exploiting the file: Scheme

It was discovered that the url parameter in the test specification also accepted a file-based scheme (such as file:/etc/passwd). While this did not directly return the contents of the file, the presence of a parse parameter allowed the system to search for specific keywords within the response.

By targeting a known local file and including a keyword to search for (such as “root”), it was possible to determine whether that string existed in the file. This effectively enabled arbitrary file read capabilities through crafted test payloads.
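A defensive check for the behaviour described above, as an added example (not perfSONAR's code and not the fix shipped by the project): it rejects any http test spec whose `url` is not plain HTTP(S) and flags the `file:` plus `parse` combination that forms the content-match oracle. The spec layout is reduced to the two fields the advisory names, the sample specs are constructed, and `check_http_test_spec` and `review` are hypothetical names.

```python
from urllib.parse import urlsplit

# Assumption: an HTTP timing test only ever needs these two schemes.
ALLOWED_SCHEMES = {"http", "https"}


def check_http_test_spec(spec):
    """Return the reasons to reject an http test spec (empty list means accept)."""
    url = spec.get("url")
    if not isinstance(url, str) or not url.strip():
        return ["url is missing or not a string"]
    parts = urlsplit(url.strip())
    scheme = parts.scheme  # urlsplit lower-cases the scheme, so FILE: == file:
    problems = []
    if scheme not in ALLOWED_SCHEMES:
        problems.append("scheme %r is not allowed" % (scheme or "(none)"))
        if "parse" in spec:
            # A keyword match against a non-HTTP resource leaks its content bit by bit.
            problems.append("parse used with a non-HTTP url (content-match oracle)")
    elif not parts.hostname:
        problems.append("http(s) url has no host")
    return problems


def review(specs):
    """Split submitted specs into accepted ones and (spec, reasons) rejections."""
    accepted, rejected = [], []
    for spec in specs:
        reasons = check_http_test_spec(spec)
        if reasons:
            rejected.append((spec, reasons))
        else:
            accepted.append(spec)
    return accepted, rejected


# Constructed sample submissions, not captured from a real system.
SAMPLE_SPECS = [
    {"url": "https://www.example.org/"},
    {"url": "file:/etc/passwd", "parse": "root"},
    {"url": "FILE:///etc/passwd"},
    {"url": "https://"},
]

if __name__ == "__main__":
    for spec, reasons in review(SAMPLE_SPECS)[1]:
        print(spec, "->", "; ".join(reasons))
```

The same function can be run over stored task specifications to find earlier submissions that paired a non-HTTP `url` with `parse`.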

Server-Side Request Forgery (SSRF) – CVE-2022-45027

What is SSRF?

Server-Side Request Forgery (SSRF) occurs when a vulnerable server is tricked into sending network requests on behalf of the attacker—often to internal systems not otherwise accessible from outside the network.

How the SSRF Was Discovered

By manipulating the Host header in requests to pScheduler, researchers discovered they could coerce the server into making outbound requests to attacker-controlled domains. This confirmed an SSRF vulnerability in how pScheduler handled incoming task data.

The server returned an internal server error in response to these crafted requests, while external logging confirmed that a request was sent out by the vulnerable system.

Port Scanning via SSRF

Further analysis revealed that this SSRF vulnerability could be used to scan internal ports:

  • When attempting to connect to a closed port, the system would return a “connection refused” error.
  • When connecting to an open port, a different TLS-related error would appear.
  • This behavioural difference allowed attackers to infer which internal ports were open or closed, enabling basic internal network reconnaissance.
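Two mitigations for the behaviour described in this section, as an added example (not perfSONAR's code and not the fix shipped by the project): the Host header is accepted only if it names the server itself, and every outbound connection failure is reported to the client with one message so that refused connections and TLS errors are indistinguishable. `ALLOWED_HOSTS`, `validated_host` and `client_error` are hypothetical names, and `ps.example.org` is a placeholder.

```python
import ssl

# Assumption: the names this server is legitimately published under.
ALLOWED_HOSTS = {"ps.example.org"}


def validated_host(host_header, allowed=ALLOWED_HOSTS):
    """Return the normalized host if the Host header is allow-listed, else None."""
    if not host_header:
        return None
    value = host_header.strip().lower()
    if value.startswith("["):
        # Bracketed IPv6 literal such as [::1]:443
        host, sep, rest = value[1:].partition("]")
        if not sep or (rest and not rest.startswith(":")):
            return None
        port = rest[1:]
    else:
        host, _, port = value.partition(":")
    if port and not (port.isdecimal() and 0 < int(port) < 65536):
        return None
    host = host.rstrip(".")  # treat the fully qualified form as the same name
    return host if host in allowed else None


def client_error(exc):
    """Collapse outbound connection failures into one client-visible message.

    ConnectionRefusedError (closed port) and ssl.SSLError (open port that does
    not speak TLS) are both OSError subclasses; keep the detail in server logs.
    """
    if isinstance(exc, OSError):
        return "unable to reach remote scheduler"
    return "internal error"


if __name__ == "__main__":
    # Constructed header values, not taken from real traffic.
    for header in ("ps.example.org:443", "127.0.0.1:22", "attacker.example"):
        print(header, "->", validated_host(header))
```

Outbound URLs should be built from the returned canonical name (or from configuration), never from the raw header value.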

Vulnerability Disclosure Timeline

  • 4 November 2022 – Issues reported to the perfSONAR team. A fix was confirmed for an upcoming release.
  • 9 November 2022 – perfSONAR version 4.4.6 was released, containing the fix.
  • 9 December 2022 – CVE identifiers were reserved (CVE-2022-45213 and CVE-2022-45027).
  • 31 January 2023 – A public blog post disclosed the findings.

