Lucene search

[email protected]CVE-2021-44564

HistoryJan 06, 2022 - 12:15 p.m.

CVE-2021-44564

2022-01-0612:15:08

[email protected]

web.nvd.nist.gov

cve

2021

44564

security vulnerability

sync2101

sync devices

network access

ip address

unsecured communication channel

easyconnect

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.6%

JSON

A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device and apply a modified configuration file back to the device. The attack requires network access to the SYNC device and knowledge of its IP address. The attack exploits the unsecured communication channel used between the administration tool Easyconnect and the SYNC device (in the affected family of SYNC products).

Affected configurations

NVD

Node

kalkitechsync241-m1Match-

AND

kalkitechsync241-m1_firmwareRange≤4.15.3

Node

kalkitechsync241-m2Match-

AND

kalkitechsync241-m2_firmwareRange≤4.15.3

Node

kalkitechsync241-m4Match-

AND

kalkitechsync241-m4_firmwareRange≤4.15.3

Node

kalkitechsync261-m1Match-

AND

kalkitechsync261-m1_firmwareRange≤4.15.3

Node

kalkitechsync2000-m1Match-

AND

kalkitechsync2000-m1_firmwareRange≤4.15.3

Node

kalkitechsync2000-m2Match-

AND

kalkitechsync2000-m2_firmwareRange≤4.15.3

Node

kalkitechsync2000-m4Match-

AND

kalkitechsync2000-m4_firmwareRange≤4.15.3

Node

kalkitechsync2101-m1Match-

AND

kalkitechsync2101-m1_firmwareRange≤4.15.3

Node

kalkitechsync2101-m2_firmwareRange≤4.15.3

AND

kalkitechsync2101-m2Match-

Node

kalkitechsync2101-m6_firmwareRange≤4.15.3

AND

kalkitechsync2101-m6Match-

Node

kalkitechsync2101-m7_firmwareRange≤4.15.3

AND

kalkitechsync2101-m7Match-

Node

kalkitechsync2101-m8_firmwareRange≤4.15.3

AND

kalkitechsync2101-m8Match-

Node

kalkitechsync2111-m2_firmwareRange≤4.15.3

AND

kalkitechsync2111-m2Match-

Node

kalkitechsync2111-m3_firmwareRange≤4.15.3

AND

kalkitechsync2111-m3Match-

Node

kalkitechsync3000-m1_firmwareRange≤4.15.3

AND

kalkitechsync3000-m1Match-

Node

kalkitechsync3000-m2_firmwareRange≤4.15.3

AND

kalkitechsync3000-m2Match-

Node

kalkitechsync3000-m3_firmwareRange≤4.15.3

AND

kalkitechsync3000-m3Match-

Node

kalkitechsync3000-m4_firmwareRange≤4.15.3

AND

kalkitechsync3000-m4Match-

Node

kalkitechsync3000-m12_firmwareRange≤4.15.3

AND

kalkitechsync3000-m12Match-

Node

kalkitechsync221-m1_firmwareRange≤4.15.3

AND

kalkitechsync221-m1Match-

CPENameOperatorVersion
kalkitech:sync241-m1_firmwarekalkitech sync241-m1 firmwarele4.15.3

CPE	Name	Operator	Version
kalkitech:sync241-m1_firmware	kalkitech sync241-m1 firmware	le	4.15.3

References

kalkitech.com/wp-content/uploads/CYB_33631_Advisory.pdf

www.kalkitech.com/cybersecurity/

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.6%

JSON

Related for CVE-2021-44564

cnvd1 nvd1 prion1 cvelist1