CVE-2021-33600

EPSS 0.37%
Veröffentlicht 28.09.2021 10:15:08
Zuletzt bearbeitet 21.11.2024 06:09:10
Quelle cve-notifications-us@f-secure.
CVE-Watchlists
Login
Unerledigt
Login

A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

F-secure ≫ Internet Gatekeeper Version >= 5.10 <= 5.50.47

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.559

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
cve-notifications-us@f-secure.com	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame

Vendor Advisory

https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33600

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-33600

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-33600

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-33600

EUVD