7.5

CVE-2021-20590

EPSS 0.26%
Veröffentlicht 22.04.2021 19:15:07
Zuletzt bearbeitet 21.11.2024 05:46:50
Quelle Mitsubishielectric.Psirt@yd.Mi
CVE-Watchlists
Login
Unerledigt
Login

Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the "VNC server" function is used.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mitsubishielectric ≫ Got2000 Gt27 Firmware Version <= 01.39.010

Mitsubishielectric ≫ Got2000 Gt27 Version-

Mitsubishielectric ≫ Got2000 Gt25 Firmware Version <= 01.39.010

Mitsubishielectric ≫ Got2000 Gt25 Version-

Mitsubishielectric ≫ Gt2107-wtbd Firmware Version <= 01.40.000

Mitsubishielectric ≫ Gt2107-wtbd Version-

Mitsubishielectric ≫ Gt2107-wtsd Firmware Version <= 01.40.000

Mitsubishielectric ≫ Gt2107-wtsd Version-

Mitsubishielectric ≫ Gs2110-wtbd-n Firmware Version <= 01.40.000

Mitsubishielectric ≫ Gs2110-wtbd-n Version-

Mitsubishielectric ≫ Gs2107-wtbd-n Firmware Version <= 01.40.000

Mitsubishielectric ≫ Gs2107-wtbd-n Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.49

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://jvn.jp/vu/JVNVU97615777/index.html

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf

https://nvd.nist.gov/vuln/detail/CVE-2021-20590

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-20590

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-20590

EUVD