7.8
CVE-2021-27450
- EPSS 0.2%
- Veröffentlicht 25.03.2021 20:15:13
- Zuletzt bearbeitet 21.11.2024 05:58:00
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
SSH server configuration file does not implement some best practices. This could lead to a weakening of the SSH protocol strength, which could lead to additional misconfiguration or be leveraged as part of a larger attack on the MU320E (all firmware versions prior to v04A00.1).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ge ≫ Mu320e Firmware Version < 04a00.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.093 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
https://us-cert.cisa.gov/ics/advisories/icsa-21-082-02