5.3

CVE-2021-4189

EPSS 0.41%
Veröffentlicht 24.08.2022 16:15:09
Zuletzt bearbeitet 21.11.2024 06:37:06
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Python ≫ Python Version >= 3.6.0 < 3.6.14

Python ≫ Python Version >= 3.7.0 < 3.7.11

Python ≫ Python Version >= 3.8.0 < 3.8.9

Python ≫ Python Version >= 3.9.0 < 3.9.3

Python ≫ Python Version3.10.0 Update-

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Redhat ≫ Software Collections Version-

Redhat ≫ Enterprise Linux Version8.0

Netapp ≫ Ontap Select Deploy Administration Utility Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.41%	0.608

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-252 Unchecked Return Value

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html

https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html

https://access.redhat.com/security/cve/CVE-2021-4189

Third Party Advisory

https://bugs.python.org/issue43285

Patch

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2036020

Patch

Third Party Advisory

Issue Tracking

https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e

Patch

Third Party Advisory

https://python-security.readthedocs.io/vuln/ftplib-pasv.html

Patch

Third Party Advisory

https://security-tracker.debian.org/tracker/CVE-2021-4189

Third Party Advisory

https://security.netapp.com/advisory/ntap-20221104-0004/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-4189

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-4189

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-4189

EUVD