Lucene search

TR-CERTCVELIST:CVE-2021-44794

HistoryJan 27, 2022 - 12:27 p.m.

CVE-2021-44794 Information Leakege via Unauthorized Access in Single Connect

2022-01-2712:27:14

CWE-862

TR-CERT

www.cve.org

information leakage

unauthorized access

single connect

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

44.0%

JSON

Single Connect does not perform an authorization check when using the “sc-diagnostic-ui” module. A remote attacker could exploit this vulnerability to access the device information page. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Single Connect",
    "vendor": "Kron",
    "versions": [
      {
        "lessThan": "2.16",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.usom.gov.tr/bildirim/tr-22-0093

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

44.0%

JSON

Related for CVELIST:CVE-2021-44794