7.4

CVE-2021-44273

Exploit

EPSS 0.17%
Veröffentlicht 23.12.2021 12:15:07
Zuletzt bearbeitet 21.11.2024 06:30:41
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy), with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, did not validate hostnames in certificates of the web servers that it connected to, and thus was itself vulnerable to MITM attacks.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

E2bn ≫ E2guardian Version >= 5.4.0 <= 5.4.3r

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.386

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

http://www.openwall.com/lists/oss-security/2021/12/23/2

Third Party Advisory

Mailing List

https://github.com/e2guardian/e2guardian/commit/eae46a7e2a57103aadca903c4a24cca94dc502a2

Patch

Third Party Advisory

https://github.com/e2guardian/e2guardian/issues/707

Patch

Third Party Advisory

Exploit

Issue Tracking

https://lists.debian.org/debian-lts-announce/2023/09/msg00010.html

https://nvd.nist.gov/vuln/detail/CVE-2021-44273

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-44273

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-44273

EUVD