CVE-2021-26928

Exploit

EPSS 0.33%
Veröffentlicht 04.06.2021 21:15:07
Zuletzt bearbeitet 21.11.2024 05:57:03
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may, for example, include Tigera products in some configurations, as well as products of other vendors) may have been susceptible to route redirection for Denial of Service and/or Information Disclosure. NOTE: a researcher has asserted that the behavior is within Tigera’s area of responsibility; however, Tigera disagrees

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nic ≫ Bird Version <= 2.0.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.33%	0.53

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	1.6	5.2	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
nvd@nist.gov	4.9	6.8	4.9	AV:N/AC:M/Au:S/C:P/I:N/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.8	1.6	5.2	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://www.cyberark.com/resources/threat-research-blog/attacking-kubernetes-clusters-through-your-network-plumbing-part-2

Third Party Advisory

Exploit

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2021-26928

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-26928

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-26928

EUVD