Lucene search

[email protected]CVE-2021-21873

HistoryDec 22, 2021 - 7:15 p.m.

CVE-2021-21873

2021-12-2219:15:08

CWE-78

[email protected]

web.nvd.nist.gov

cve-2021-21873

nvd

http request

arbitrary command execution

rsa keypasswd parameter

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.9%

JSON

A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Affected configurations

Vulners

NVD

Node

lantronixsecurelinxRange≤(

VendorProductVersionCPE
lantronixsecurelinx*cpe:2.3:h:lantronix:securelinx:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lantronix	securelinx	*	cpe:2.3:h:lantronix:securelinx::::::::

CNA Affected

[
  {
    "product": "Lantronix",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU)"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2021-1314

Social References

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.9%

JSON

Related for CVE-2021-21873

cvelist1 nvd1 prion1 cnvd1 talos1 checkpoint_advisories1