CVE-2021-37189

EPSS 0.19%
Veröffentlicht 10.12.2021 13:15:07
Zuletzt bearbeitet 21.11.2024 06:14:49
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Digi ≫ Transport Wr11 Firmware Version < 6.0.0.0

Digi ≫ Transport Wr11 Version-

Digi ≫ Transport Wr11 Xt Firmware Version < 6.0.0.0

Digi ≫ Transport Wr11 Xt Version-

Digi ≫ Transport Wr21 Firmware Version < 6.0.0.0

Digi ≫ Transport Wr21 Version-

Digi ≫ Transport Wr31 Firmware Version < 6.0.0.0

Digi ≫ Transport Wr31 Version-

Digi ≫ Transport Wr41 Firmware Version < 6.0.0.0

Digi ≫ Transport Wr41 Version-

Digi ≫ Transport Wr44 Firmware Version < 6.0.0.0

Digi ≫ Transport Wr44 Versionv2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.411

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt

Third Party Advisory

https://www.digi.com/search/results?q=transport

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-37189

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-37189

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-37189

EUVD