CVE-2021-21906

Exploit

EPSS 0.28%
Veröffentlicht 22.12.2021 19:15:09
Zuletzt bearbeitet 21.11.2024 05:49:13
Quelle talos-cna@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA Connect”, to interact with the iC Module on behalf of the user. Every time a user submits a password to the CLI password prompt, the buffer containing their input is passed as the password parameter to the checkPassword function.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Garrett ≫ Ic Module Cma Version5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.513

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C
talos-cna@cisco.com	8.2	1.5	6	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1357

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2021-21906

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-21906

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-21906

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-21906