Lucene search

[email protected]CVE-2021-28912

HistorySep 09, 2021 - 6:15 p.m.

CVE-2021-28912

2021-09-0918:15:08

CWE-798

CWE-521

[email protected]

web.nvd.nist.gov

cve-2021-28912

bab technologie gmbh

eibport v3

ssh

root access

security vulnerability

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.8%

JSON

BAB TECHNOLOGIE GmbH eibPort V3. Each device has its own unique hard coded and weak root SSH key passphrase known as ‘eibPort string’. This is usable and the final part of an attack chain to gain SSH root access.

Affected configurations

NVD

Node

bab-technologieeibport_firmwareRange<3.9.1

AND

bab-technologieeibportMatchv3

CPENameOperatorVersion
bab-technologie:eibport_firmwarebab-technologie eibport firmwarelt3.9.1

CPE	Name	Operator	Version
bab-technologie:eibport_firmware	bab-technologie eibport firmware	lt	3.9.1

References

psytester.github.io/CVE-2021-28912

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.8%

JSON

Related for CVE-2021-28912

nvd1 prion1 cvelist1