9.8
CVE-2021-30064
- EPSS 0.06%
- Veröffentlicht 03.04.2022 22:15:14
- Zuletzt bearbeitet 21.11.2024 06:03:17
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Belden ≫ Tofino Xenon Security Appliance Firmware Version < 03.2.03
Belden ≫ Tofino Argon Fa-tsa-220-tx/mm Firmware Version-
Belden ≫ Tofino Argon Fa-tsa-220-tx/tx Firmware Version-
Belden ≫ Tofino Argon Fa-tsa-220-mm/tx Firmware Version-
Belden ≫ Tofino Argon Fa-tsa-220-mm/mm Firmware Version-
Belden ≫ Tofino Argon Fa-tsa-100-tx/tx Firmware Version-
Belden ≫ Eagle 20 Tofino 943 987-505-mm/mm Firmware Version-
Belden ≫ Eagle 20 Tofino 943 987-504-mm/tx Firmware Version-
Belden ≫ Eagle 20 Tofino 943 987-501-tx/tx Firmware Version-
Schneider-electric ≫ Tcsefea23f3f20 Firmware Version-
Schneider-electric ≫ Tcsefea23f3f21 Firmware Version-
Schneider-electric ≫ Tcsefea23f3f22 Firmware Version < 03.23
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.15 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.