CWE-305
Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
CVE-2020-15077 (GCVE-0-2020-15077)
Vulnerability from cvelistv5 – Published: 2021-06-04 10:42 – Updated: 2024-08-04 13:08
VLAI
Summary
OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Severity
No CVSS data available.
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://openvpn.net/vpn-server-resources/release-notes/ | x_refsource_MISC |
| https://openvpn.net/security-advisory/access-serv… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OpenVPN Access Server |
Affected:
2.8.7 and earlier versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:21.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://openvpn.net/vpn-server-resources/release-notes/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenVPN Access Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.8.7 and earlier versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-04T10:42:01.000Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://openvpn.net/vpn-server-resources/release-notes/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@openvpn.net",
"ID": "CVE-2020-15077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenVPN Access Server",
"version": {
"version_data": [
{
"version_value": "2.8.7 and earlier versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305: Authentication Bypass by Primary Weakness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://openvpn.net/vpn-server-resources/release-notes/",
"refsource": "MISC",
"url": "https://openvpn.net/vpn-server-resources/release-notes/"
},
{
"name": "https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077/",
"refsource": "MISC",
"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2020-15077",
"datePublished": "2021-06-04T10:42:01.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:08:21.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15078 (GCVE-0-2020-15078)
Vulnerability from cvelistv5 – Published: 2021-04-26 13:19 – Updated: 2024-08-04 13:08
VLAI
Summary
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Severity
No CVSS data available.
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://community.openvpn.net/openvpn/wiki/CVE-20… | x_refsource_MISC |
| https://community.openvpn.net/openvpn/wiki/Securi… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.gentoo.org/glsa/202105-25 | vendor-advisoryx_refsource_GENTOO |
| https://usn.ubuntu.com/usn/usn-4933-1 | vendor-advisoryx_refsource_UBUNTU |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:21.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2021-242ef81244",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GJUXEYHUPREEBPX23VPEKMFXUPVO3PMU/"
},
{
"name": "FEDORA-2021-b805c26afa",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLDB3OBQ3AODYYRN7NRCABV6I4AUFAT6/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2020-15078"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"
},
{
"name": "FEDORA-2021-d6b9d8497b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGEGLC4YGBDN5CGHTNWN2GH6DJJA36T2/"
},
{
"name": "GLSA-202105-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202105-25"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-4933-1"
},
{
"name": "[debian-lts-announce] 20220503 [SECURITY] [DLA 2992-1] openvpn security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenVPN",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.5.1 and earlier versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-03T13:06:09.000Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"name": "FEDORA-2021-242ef81244",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GJUXEYHUPREEBPX23VPEKMFXUPVO3PMU/"
},
{
"name": "FEDORA-2021-b805c26afa",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLDB3OBQ3AODYYRN7NRCABV6I4AUFAT6/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2020-15078"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"
},
{
"name": "FEDORA-2021-d6b9d8497b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGEGLC4YGBDN5CGHTNWN2GH6DJJA36T2/"
},
{
"name": "GLSA-202105-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202105-25"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/usn/usn-4933-1"
},
{
"name": "[debian-lts-announce] 20220503 [SECURITY] [DLA 2992-1] openvpn security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@openvpn.net",
"ID": "CVE-2020-15078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenVPN",
"version": {
"version_data": [
{
"version_value": "2.5.1 and earlier versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305: Authentication Bypass by Primary Weakness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2021-242ef81244",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GJUXEYHUPREEBPX23VPEKMFXUPVO3PMU/"
},
{
"name": "FEDORA-2021-b805c26afa",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLDB3OBQ3AODYYRN7NRCABV6I4AUFAT6/"
},
{
"name": "https://community.openvpn.net/openvpn/wiki/CVE-2020-15078",
"refsource": "MISC",
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2020-15078"
},
{
"name": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements",
"refsource": "MISC",
"url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"
},
{
"name": "FEDORA-2021-d6b9d8497b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JGEGLC4YGBDN5CGHTNWN2GH6DJJA36T2/"
},
{
"name": "GLSA-202105-25",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-25"
},
{
"name": "https://usn.ubuntu.com/usn/usn-4933-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-4933-1"
},
{
"name": "[debian-lts-announce] 20220503 [SECURITY] [DLA 2992-1] openvpn security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2020-15078",
"datePublished": "2021-04-26T13:19:45.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:08:21.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15787 (GCVE-0-2020-15787)
Vulnerability from cvelistv5 – Published: 2020-09-09 18:11 – Updated: 2024-08-04 13:22
VLAI
Summary
A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently validate authentication attempts as the information given can be truncated to match only a set number of characters versus the whole provided string. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.
Severity
No CVSS data available.
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | SIMATIC HMI Unified Comfort Panels |
Affected:
All versions <= V16
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-542525.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC HMI Unified Comfort Panels",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c= V16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions \u003c= V16). Affected devices insufficiently validate authentication attempts as the information given can be truncated to match only a set number of characters versus the whole provided string. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-08T19:47:15.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-542525.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-15787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC HMI Unified Comfort Panels",
"version": {
"version_data": [
{
"version_value": "All versions \u003c= V16"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions \u003c= V16). Affected devices insufficiently validate authentication attempts as the information given can be truncated to match only a set number of characters versus the whole provided string. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305: Authentication Bypass by Primary Weakness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-542525.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-542525.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-15787",
"datePublished": "2020-09-09T18:11:40.000Z",
"dateReserved": "2020-07-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:22:30.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24683 (GCVE-0-2020-24683)
Vulnerability from cvelistv5 – Published: 2020-12-22 21:19 – Updated: 2024-09-17 01:36
VLAI
Title
Authentication Bypass in Symphony Plus
Summary
The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application.
Severity
9.8 (Critical)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://search.abb.com/library/Download.aspx?Docu… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ABB | ABB Ability™ Symphony® Plus Operations |
Affected:
unspecified , < 2.1 SP1
(custom)
|
Date Public
2020-12-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ABB Ability\u2122 Symphony\u00ae Plus Operations",
"vendor": "ABB",
"versions": [
{
"lessThan": "2.1 SP1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-12-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602 Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-22T21:19:10.000Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"advisory": "2PAA123980, 2PAA123982",
"discovery": "INTERNAL"
},
"title": "Authentication Bypass in Symphony Plus",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"DATE_PUBLIC": "2020-12-15T13:10:00.000Z",
"ID": "CVE-2020-24683",
"STATE": "PUBLIC",
"TITLE": "Authentication Bypass in Symphony Plus"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ABB Ability\u2122 Symphony\u00ae Plus Operations",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1 SP1"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-602 Client-Side Enforcement of Server-Side Security"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-305 Authentication Bypass by Primary Weakness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "MISC",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"advisory": "2PAA123980, 2PAA123982",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-24683",
"datePublished": "2020-12-22T21:19:10.709Z",
"dateReserved": "2020-08-26T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:36:41.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21403 (GCVE-0-2021-21403)
Vulnerability from cvelistv5 – Published: 2021-03-26 17:15 – Updated: 2024-08-03 18:09
VLAI
Title
Authentication Bypass by Primary Weakness in github.com/kongchuanhujiao/server
Summary
In github.com/kongchuanhujiao/server before version 1.3.21 there is an authentication Bypass by Primary Weakness vulnerability. All users are impacted. This is fixed in version 1.3.21.
Severity
7.5 (High)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/kongchuanhujiao/server/securit… | x_refsource_CONFIRM |
| https://github.com/kongchuanhujiao/server/commit/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| kongchuanhujiao | server |
Affected:
< 1.3.21
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:15.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kongchuanhujiao/server/security/advisories/GHSA-8wrg-m8vm-5fvj"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kongchuanhujiao/server/commit/9a125624f219e496bdf4b07b404816d5a309bdc1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "server",
"vendor": "kongchuanhujiao",
"versions": [
{
"status": "affected",
"version": "\u003c 1.3.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In github.com/kongchuanhujiao/server before version 1.3.21 there is an authentication Bypass by Primary Weakness vulnerability. All users are impacted. This is fixed in version 1.3.21."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-26T17:15:15.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kongchuanhujiao/server/security/advisories/GHSA-8wrg-m8vm-5fvj"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kongchuanhujiao/server/commit/9a125624f219e496bdf4b07b404816d5a309bdc1"
}
],
"source": {
"advisory": "GHSA-8wrg-m8vm-5fvj",
"discovery": "UNKNOWN"
},
"title": "Authentication Bypass by Primary Weakness in github.com/kongchuanhujiao/server",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21403",
"STATE": "PUBLIC",
"TITLE": "Authentication Bypass by Primary Weakness in github.com/kongchuanhujiao/server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "server",
"version": {
"version_data": [
{
"version_value": "\u003c 1.3.21"
}
]
}
}
]
},
"vendor_name": "kongchuanhujiao"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In github.com/kongchuanhujiao/server before version 1.3.21 there is an authentication Bypass by Primary Weakness vulnerability. All users are impacted. This is fixed in version 1.3.21."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305 Authentication Bypass by Primary Weakness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kongchuanhujiao/server/security/advisories/GHSA-8wrg-m8vm-5fvj",
"refsource": "CONFIRM",
"url": "https://github.com/kongchuanhujiao/server/security/advisories/GHSA-8wrg-m8vm-5fvj"
},
{
"name": "https://github.com/kongchuanhujiao/server/commit/9a125624f219e496bdf4b07b404816d5a309bdc1",
"refsource": "MISC",
"url": "https://github.com/kongchuanhujiao/server/commit/9a125624f219e496bdf4b07b404816d5a309bdc1"
}
]
},
"source": {
"advisory": "GHSA-8wrg-m8vm-5fvj",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21403",
"datePublished": "2021-03-26T17:15:15.000Z",
"dateReserved": "2020-12-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:09:15.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26102 (GCVE-0-2021-26102)
Vulnerability from cvelistv5 – Published: 2024-12-19 13:56 – Updated: 2024-12-19 15:17
VLAI
Summary
A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Improper access control
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-26102",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-19T15:14:52.995354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T15:17:08.639Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiWAN",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "4.5.7",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.1",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T13:56:38.177Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-21-048",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-21-048"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiWAN version 4.5.8 or above \nPlease upgrade to AscenLink version 7.2.24 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2021-26102",
"datePublished": "2024-12-19T13:56:38.177Z",
"dateReserved": "2021-01-25T14:47:15.095Z",
"dateUpdated": "2024-12-19T15:17:08.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26726 (GCVE-0-2021-26726)
Vulnerability from cvelistv5 – Published: 2022-02-16 15:15 – Updated: 2024-09-17 00:36
VLAI
Title
Remote code execution in Valmet DNA before Collection 2021
Summary
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021.
Severity
8.8 (High)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.nozominetworks.com/labs/vulnerability… | x_refsource_CONFIRM |
| https://www.valmet.com/about-us/research-and-deve… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Valmet DNA | Valmet DNA |
Affected:
Collection 2012 , < Collection 2021
(custom)
|
Date Public
2022-02-15 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:41.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Valmet DNA",
"vendor": "Valmet DNA",
"versions": [
{
"lessThan": "Collection 2021",
"status": "affected",
"version": "Collection 2012",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This bug was found by Ivan Speziale of Nozomi Networks"
}
],
"datePublic": "2022-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Information Exposure Through an Error Message",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-272",
"description": "CWE-272 Least Privilege Violation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-16T15:15:12.000Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories/"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Valmet DNA version Collection 2021"
}
],
"source": {
"advisory": "https://security.nozominetworks.com/NN-2021:2-01",
"defect": [
"NN_2021-0021"
],
"discovery": "EXTERNAL"
},
"title": "Remote code execution in Valmet DNA before Collection 2021",
"workarounds": [
{
"lang": "en",
"value": "Use Valmet DNA Firewall feature to limit access to TCP port 1517"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "prodsec@nozominetworks.com",
"DATE_PUBLIC": "2022-02-15T23:00:00.000Z",
"ID": "CVE-2021-26726",
"STATE": "PUBLIC",
"TITLE": "Remote code execution in Valmet DNA before Collection 2021"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Valmet DNA",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "Collection 2012",
"version_value": "Collection 2021"
}
]
}
}
]
},
"vendor_name": "Valmet DNA"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This bug was found by Ivan Speziale of Nozomi Networks"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305 Authentication Bypass by Primary Weakness"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-209 Information Exposure Through an Error Message"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-272 Least Privilege Violation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726/",
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726/"
},
{
"name": "https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories/",
"refsource": "MISC",
"url": "https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to Valmet DNA version Collection 2021"
}
],
"source": {
"advisory": "https://security.nozominetworks.com/NN-2021:2-01",
"defect": [
"NN_2021-0021"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Use Valmet DNA Firewall feature to limit access to TCP port 1517"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2021-26726",
"datePublished": "2022-02-16T15:15:12.708Z",
"dateReserved": "2021-02-05T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:36:09.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28503 (GCVE-0-2021-28503)
Vulnerability from cvelistv5 – Published: 2022-02-04 22:29 – Updated: 2024-09-16 23:06
VLAI
Title
In Arista's EOS software affected releases, eAPI might skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI.
Summary
The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI.
Severity
7.4 (High)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.arista.com/en/support/advisories-noti… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | Arista EOS |
Affected:
EOS-4.23 , < EOS-4.23.10
(custom)
Affected: EOS-4.24 , < EOS-4.24.8 (custom) Affected: EOS-4.25 , < EOS-4.25.6 (custom) Affected: EOS-4.26 , < EOS-4.26.3 (custom) |
Date Public
2022-02-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:32.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/13605-security-advisory-0072"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Arista EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThan": "EOS-4.23.10",
"status": "affected",
"version": "EOS-4.23",
"versionType": "custom"
},
{
"lessThan": "EOS-4.24.8",
"status": "affected",
"version": "EOS-4.24",
"versionType": "custom"
},
{
"lessThan": "EOS-4.25.6",
"status": "affected",
"version": "EOS-4.25",
"versionType": "custom"
},
{
"lessThan": "EOS-4.26.3",
"status": "affected",
"version": "EOS-4.26",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-02-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The impact of this vulnerability is that Arista\u0027s EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:27.000Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/13605-security-advisory-0072"
}
],
"solutions": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\n\nThe vulnerability is fixed in the following EOS versions:\n 4.26.3 and later releases in the 4.26.x train\n 4.25.6 and later releases in the 4.25.x train\n 4.24.8 and later releases in the 4.24.x train\n 4.23.10 and later releases in the 4.24.x train"
}
],
"source": {
"advisory": "Security Advisory 0072",
"defect": [
"BUG606686"
],
"discovery": "INTERNAL"
},
"title": "In Arista\u0027s EOS software affected releases, eAPI might skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI.",
"workarounds": [
{
"lang": "en",
"value": "Disallowing user certificate authentication via eAPI can be used to mitigate the vulnerability.\n\nswitch(config)#management security\nswitch(config-mgmt-security)#ssl profile profileEAPI\nswitch(config-mgmt-sec-ssl-profile-profileEAPI)#no trust certificate user.cert\nswitch(config-mgmt-sec-ssl-profile-profileEAPI)#exit"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@arista.com",
"DATE_PUBLIC": "2022-02-02T17:00:00.000Z",
"ID": "CVE-2021-28503",
"STATE": "PUBLIC",
"TITLE": "In Arista\u0027s EOS software affected releases, eAPI might skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arista EOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "EOS-4.23",
"version_value": "EOS-4.23.10"
},
{
"version_affected": "\u003c",
"version_name": "EOS-4.24",
"version_value": "EOS-4.24.8"
},
{
"version_affected": "\u003c",
"version_name": "EOS-4.25",
"version_value": "EOS-4.25.6"
},
{
"version_affected": "\u003c",
"version_name": "EOS-4.26",
"version_value": "EOS-4.26.3"
}
]
}
}
]
},
"vendor_name": "Arista Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The impact of this vulnerability is that Arista\u0027s EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305 Authentication Bypass by Primary Weakness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/13605-security-advisory-0072",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/13605-security-advisory-0072"
}
]
},
"solution": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\n\nThe vulnerability is fixed in the following EOS versions:\n 4.26.3 and later releases in the 4.26.x train\n 4.25.6 and later releases in the 4.25.x train\n 4.24.8 and later releases in the 4.24.x train\n 4.23.10 and later releases in the 4.24.x train"
}
],
"source": {
"advisory": "Security Advisory 0072",
"defect": [
"BUG606686"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disallowing user certificate authentication via eAPI can be used to mitigate the vulnerability.\n\nswitch(config)#management security\nswitch(config-mgmt-security)#ssl profile profileEAPI\nswitch(config-mgmt-sec-ssl-profile-profileEAPI)#no trust certificate user.cert\nswitch(config-mgmt-sec-ssl-profile-profileEAPI)#exit"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2021-28503",
"datePublished": "2022-02-04T22:29:27.998Z",
"dateReserved": "2021-03-16T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:06:02.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3547 (GCVE-0-2021-3547)
Vulnerability from cvelistv5 – Published: 2021-07-12 10:35 – Updated: 2024-08-03 17:01
VLAI
Summary
OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.
Severity
No CVSS data available.
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://community.openvpn.net/openvpn/wiki/Securi… | x_refsource_MISC |
| https://community.openvpn.net/openvpn/wiki/CVE-20… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OpenVPN 3 Core Library |
Affected:
3.6 and 3.6.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:06.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2021-3547"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenVPN 3 Core Library",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.6 and 3.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-12T10:35:52.000Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2021-3547"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@openvpn.net",
"ID": "CVE-2021-3547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenVPN 3 Core Library",
"version": {
"version_data": [
{
"version_value": "3.6 and 3.6.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305: Authentication Bypass by Primary Weakness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements",
"refsource": "MISC",
"url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"
},
{
"name": "https://community.openvpn.net/openvpn/wiki/CVE-2021-3547",
"refsource": "MISC",
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2021-3547"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2021-3547",
"datePublished": "2021-07-12T10:35:52.000Z",
"dateReserved": "2021-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:01:06.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3850 (GCVE-0-2021-3850)
Vulnerability from cvelistv5 – Published: 2022-01-25 14:20 – Updated: 2024-08-03 17:09
VLAI
Title
Authentication Bypass by Primary Weakness in adodb/adodb
Summary
Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.
Severity
9.1 (Critical)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/bdf5f216-4499-4225-a73… | x_refsource_CONFIRM |
| https://github.com/adodb/adodb/commit/952de6c4273… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-listx_refsource_MLIST |
| https://www.debian.org/security/2022/dsa-5101 | vendor-advisoryx_refsource_DEBIAN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| adodb | adodb/adodb |
Affected:
unspecified , < 5.20.21
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29"
},
{
"name": "[debian-lts-announce] 20220206 [SECURITY] [DLA 2912-1] libphp-adodb security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00006.html"
},
{
"name": "DSA-5101",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "adodb/adodb",
"vendor": "adodb",
"versions": [
{
"lessThan": "5.20.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T14:06:25.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29"
},
{
"name": "[debian-lts-announce] 20220206 [SECURITY] [DLA 2912-1] libphp-adodb security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00006.html"
},
{
"name": "DSA-5101",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5101"
}
],
"source": {
"advisory": "bdf5f216-4499-4225-a737-b28bc6f5801c",
"discovery": "EXTERNAL"
},
"title": "Authentication Bypass by Primary Weakness in adodb/adodb",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3850",
"STATE": "PUBLIC",
"TITLE": "Authentication Bypass by Primary Weakness in adodb/adodb"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "adodb/adodb",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.20.21"
}
]
}
}
]
},
"vendor_name": "adodb"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305 Authentication Bypass by Primary Weakness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c"
},
{
"name": "https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29",
"refsource": "MISC",
"url": "https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29"
},
{
"name": "[debian-lts-announce] 20220206 [SECURITY] [DLA 2912-1] libphp-adodb security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00006.html"
},
{
"name": "DSA-5101",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5101"
}
]
},
"source": {
"advisory": "bdf5f216-4499-4225-a737-b28bc6f5801c",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3850",
"datePublished": "2022-01-25T14:20:11.000Z",
"dateReserved": "2021-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:09.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.