CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1908 vulnerabilities reference this CWE, most recent first.
CVE-2021-20989 (GCVE-0-2021-20989)
Vulnerability from cvelistv5 – Published: 2021-04-19 14:05 – Updated: 2024-09-17 00:42- CWE-295 - Improper Certificate Validation
| URL | Tags |
|---|---|
| https://www.iot-inspector.com/blog/advisory-fibar… | x_refsource_CONFIRM |
| http://seclists.org/fulldisclosure/2021/Apr/27 | mailing-listx_refsource_FULLDISC |
| http://packetstormsecurity.com/files/162243/Fibar… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Fibar Group S.A | Fibaro Home Center |
Affected:
Home Center 2 , ≤ 4.600
(custom)
Affected: Home Center Lite , ≤ 4.600 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:23.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.iot-inspector.com/blog/advisory-fibaro-home-center/"
},
{
"name": "20210419 [CVE-2021-20989, CVE-2021-20990, CVE-2021-20991, CVE-2021-20992] Multiple vulnerabilities in Fibaro Home Center",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Apr/27"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162243/Fibaro-Home-Center-MITM-Missing-Authentication-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fibaro Home Center",
"vendor": "Fibar Group S.A",
"versions": [
{
"lessThanOrEqual": "4.600",
"status": "affected",
"version": "Home Center 2",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.600",
"status": "affected",
"version": "Home Center Lite",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Marton Illes IoT Inspector Research Lab https://www.iot-inspector.com"
}
],
"datePublic": "2021-04-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. This connection can be intercepted using DNS spoofing attack and a device initiated remote port-forward channel can be used to connect to the web management interface. Knowledge of authorization credentials to the management interface is required to perform any further actions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-30T09:15:16.000Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.iot-inspector.com/blog/advisory-fibaro-home-center/"
},
{
"name": "20210419 [CVE-2021-20989, CVE-2021-20990, CVE-2021-20991, CVE-2021-20992] Multiple vulnerabilities in Fibaro Home Center",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Apr/27"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162243/Fibaro-Home-Center-MITM-Missing-Authentication-Code-Execution.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Fibaro Home Center Insufficient remote access server authorization",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-04-15T10:00:00.000Z",
"ID": "CVE-2021-20989",
"STATE": "PUBLIC",
"TITLE": "Fibaro Home Center Insufficient remote access server authorization"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fibaro Home Center",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "Home Center 2",
"version_value": "4.600"
},
{
"version_affected": "\u003c=",
"version_name": "Home Center Lite",
"version_value": "4.600"
}
]
}
}
]
},
"vendor_name": "Fibar Group S.A"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Marton Illes IoT Inspector Research Lab https://www.iot-inspector.com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. This connection can be intercepted using DNS spoofing attack and a device initiated remote port-forward channel can be used to connect to the web management interface. Knowledge of authorization credentials to the management interface is required to perform any further actions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.iot-inspector.com/blog/advisory-fibaro-home-center/",
"refsource": "CONFIRM",
"url": "https://www.iot-inspector.com/blog/advisory-fibaro-home-center/"
},
{
"name": "20210419 [CVE-2021-20989, CVE-2021-20990, CVE-2021-20991, CVE-2021-20992] Multiple vulnerabilities in Fibaro Home Center",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Apr/27"
},
{
"name": "http://packetstormsecurity.com/files/162243/Fibaro-Home-Center-MITM-Missing-Authentication-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162243/Fibaro-Home-Center-MITM-Missing-Authentication-Code-Execution.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-20989",
"datePublished": "2021-04-19T14:05:02.362Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:42:24.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20328 (GCVE-0-2021-20328)
Vulnerability from cvelistv5 – Published: 2021-02-25 16:30 – Updated: 2024-09-16 19:10- CWE-295 - Improper Certificate Validation
| URL | Tags |
|---|---|
| https://jira.mongodb.org/browse/JAVA-4017 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| MongoDB Inc. | mongo-java-driver |
Affected:
3.11 , ≤ 3.11.2
(custom)
Affected: 3.12 , ≤ 3.12.7 (custom) |
|
| MongoDB Inc. | mongodb-driver |
Affected:
3.11 , ≤ 3.11.2
(custom)
Affected: 3.12 , ≤ 3.12.7 (custom) |
|
| MongoDB Inc. | mongodb-driver-sync |
Affected:
4.2.0
Affected: 3.11 , ≤ 3.11.2 (custom) Affected: 3.12 , ≤ 3.12.7 (custom) Affected: 4.0 , ≤ 4.0.5 (custom) Affected: 4.1 , ≤ 4.1.1 (custom) |
|
| MongoDB Inc. | mongodb-driver-legacy |
Affected:
4.2.0
Affected: 3.11 , ≤ 3.11.2 (custom) Affected: 3.12 , ≤ 3.12.7 (custom) Affected: 4.0 , ≤ 4.0.5 (custom) Affected: 4.1 , ≤ 4.1.1 (custom) |
|
| mongodb | java_driver |
Affected:
3.11 , ≤ 3.11.2
(custom)
Affected: 3.12 , ≤ 3.12.7 (custom) cpe:2.3:a:mongodb:java_driver:*:*:*:*:*:mongodb:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:24.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.mongodb.org/browse/JAVA-4017"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mongodb:java_driver:*:*:*:*:*:mongodb:*:*"
],
"defaultStatus": "unaffected",
"product": "java_driver",
"vendor": "mongodb",
"versions": [
{
"lessThanOrEqual": "3.11.2",
"status": "affected",
"version": "3.11",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.12.7",
"status": "affected",
"version": "3.12",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-20328",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-13T16:48:15.681647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T17:36:34.465Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mongo-java-driver",
"vendor": "MongoDB Inc.",
"versions": [
{
"lessThanOrEqual": "3.11.2",
"status": "affected",
"version": "3.11",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.12.7",
"status": "affected",
"version": "3.12",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mongodb-driver",
"vendor": "MongoDB Inc.",
"versions": [
{
"lessThanOrEqual": "3.11.2",
"status": "affected",
"version": "3.11",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.12.7",
"status": "affected",
"version": "3.12",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mongodb-driver-sync",
"vendor": "MongoDB Inc.",
"versions": [
{
"status": "affected",
"version": "4.2.0"
},
{
"lessThanOrEqual": "3.11.2",
"status": "affected",
"version": "3.11",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.12.7",
"status": "affected",
"version": "3.12",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.0.5",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.1.1",
"status": "affected",
"version": "4.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mongodb-driver-legacy",
"vendor": "MongoDB Inc.",
"versions": [
{
"status": "affected",
"version": "4.2.0"
},
{
"lessThanOrEqual": "3.11.2",
"status": "affected",
"version": "3.11",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.12.7",
"status": "affected",
"version": "3.12",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.0.5",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.1.1",
"status": "affected",
"version": "4.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSpecific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server\u2019s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don\u2019t use Field Level Encryption.\u003c/p\u003e"
}
],
"value": "Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server\u2019s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don\u2019t use Field Level Encryption."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T13:39:14.648Z",
"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"shortName": "mongodb"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.mongodb.org/browse/JAVA-4017"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "MongoDB Java driver client-side field level encryption not verifying KMS host name",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@mongodb.com",
"DATE_PUBLIC": "2021-02-25T17:00:00.000Z",
"ID": "CVE-2021-20328",
"STATE": "PUBLIC",
"TITLE": "MongoDB Java driver client-side field level encryption not verifying KMS host name"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mongo-java-driver",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.11",
"version_value": "3.11.2"
},
{
"version_affected": "\u003c=",
"version_name": "3.12",
"version_value": "3.12.7"
}
]
}
},
{
"product_name": "mongodb-driver",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.11",
"version_value": "3.11.2"
},
{
"version_affected": "\u003c=",
"version_name": "3.12",
"version_value": "3.12.7"
}
]
}
},
{
"product_name": "mongodb-driver-sync",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.11",
"version_value": "3.11.2"
},
{
"version_affected": "\u003c=",
"version_name": "3.12",
"version_value": "3.12.7"
},
{
"version_affected": "\u003c=",
"version_name": "4.0",
"version_value": "4.0.5"
},
{
"version_affected": "\u003c=",
"version_name": "4.1",
"version_value": "4.1.1"
},
{
"version_affected": "=",
"version_name": "4.2",
"version_value": "4.2.0"
}
]
}
},
{
"product_name": "mongodb-driver-legacy",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.11",
"version_value": "3.11.2"
},
{
"version_affected": "\u003c=",
"version_name": "3.12",
"version_value": "3.12.7"
},
{
"version_affected": "\u003c=",
"version_name": "4.0",
"version_value": "4.0.5"
},
{
"version_affected": "\u003c=",
"version_name": "4.1",
"version_value": "4.1.1"
},
{
"version_affected": "=",
"version_name": "4.2",
"version_value": "4.2.0"
}
]
}
}
]
},
"vendor_name": "MongoDB Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server\u2019s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don\u2019t use Field Level Encryption."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.mongodb.org/browse/JAVA-4017",
"refsource": "MISC",
"url": "https://jira.mongodb.org/browse/JAVA-4017"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"assignerShortName": "mongodb",
"cveId": "CVE-2021-20328",
"datePublished": "2021-02-25T16:30:14.536Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:10:28.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20327 (GCVE-0-2021-20327)
Vulnerability from cvelistv5 – Published: 2021-02-25 16:25 – Updated: 2024-09-16 19:24- CWE-295 - Improper Certificate Validation
| URL | Tags |
|---|---|
| https://jira.mongodb.org/browse/NODE-3125 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| MongoDB Inc. | MongoDB Node.js Driver mongodb-client-encryption module |
Affected:
1.2.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.mongodb.org/browse/NODE-3125"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MongoDB Node.js Driver mongodb-client-encryption module",
"vendor": "MongoDB Inc.",
"versions": [
{
"status": "affected",
"version": "1.2.0"
}
]
}
],
"datePublic": "2021-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server\u2019s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and the KMS service rendering client-side field level encryption (CSFLE) ineffective. This issue was discovered during internal testing and affects mongodb-client-encryption module version 1.2.0, which was available from 2021-Jan-29 and deprecated in the NPM Registry on 2021-Feb-04. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services from applications residing inside the AWS, GCP, and Azure nework fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don\u2019t use Field Level Encryption. This issue affect MongoDB Node.js Driver mongodb-client-encryption module version 1.2.0\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server\u2019s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and the KMS service rendering client-side field level encryption (CSFLE) ineffective. This issue was discovered during internal testing and affects mongodb-client-encryption module version 1.2.0, which was available from 2021-Jan-29 and deprecated in the NPM Registry on 2021-Feb-04. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services from applications residing inside the AWS, GCP, and Azure nework fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don\u2019t use Field Level Encryption. This issue affect MongoDB Node.js Driver mongodb-client-encryption module version 1.2.0"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T13:49:05.486Z",
"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"shortName": "mongodb"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.mongodb.org/browse/NODE-3125"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "MongoDB Node.js client side field level encryption library may not be validating KMS certificate",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@mongodb.com",
"DATE_PUBLIC": "2021-02-25T14:51:00.000Z",
"ID": "CVE-2021-20327",
"STATE": "PUBLIC",
"TITLE": "MongoDB Node.js client side field level encryption library may not be validating KMS certificate"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mongodb-client-encryption module",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "1.2",
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "MongoDB Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server\u2019s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and the KMS service rendering client-side field level encryption (CSFLE) ineffective. This issue was discovered during internal testing and affects mongodb-client-encryption module version 1.2.0, which was available from 2021-Jan-29 and deprecated in the NPM Registry on 2021-Feb-04. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services from applications residing inside the AWS, GCP, and Azure nework fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don\u2019t use Field Level Encryption."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.mongodb.org/browse/NODE-3125",
"refsource": "MISC",
"url": "https://jira.mongodb.org/browse/NODE-3125"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"assignerShortName": "mongodb",
"cveId": "CVE-2021-20327",
"datePublished": "2021-02-25T16:25:11.455Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:24:34.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20230 (GCVE-0-2021-20230)
Vulnerability from cvelistv5 – Published: 2021-02-23 16:34 – Updated: 2024-08-03 17:30| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1925226 | x_refsource_MISC |
| https://github.com/mtrojnar/stunnel/commit/ebad9d… | x_refsource_MISC |
| https://security.gentoo.org/glsa/202105-02 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925226"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9"
},
{
"name": "GLSA-202105-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202105-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "stunnel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "stunnel 5.57"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the stunnel server, to access the tunneled service instead of being redirected to the address specified in the redirect option. The highest threat from this vulnerability is to confidentiality."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-26T09:06:16.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925226"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9"
},
{
"name": "GLSA-202105-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202105-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "stunnel",
"version": {
"version_data": [
{
"version_value": "stunnel 5.57"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the stunnel server, to access the tunneled service instead of being redirected to the address specified in the redirect option. The highest threat from this vulnerability is to confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1925226",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925226"
},
{
"name": "https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9",
"refsource": "MISC",
"url": "https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9"
},
{
"name": "GLSA-202105-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20230",
"datePublished": "2021-02-23T16:34:39.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:30:07.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3898 (GCVE-0-2021-3898)
Vulnerability from cvelistv5 – Published: 2022-04-22 20:30 – Updated: 2024-08-03 17:09- CWE-295 - Improper Certificate Validation
| URL | Tags |
|---|---|
| https://support.lenovo.com/us/en/product_security… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Motorola | Device Help Android App |
Affected:
various
|
|
| Motorola | Ready For Android App |
Affected:
various
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-58311"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Device Help Android App",
"vendor": "Motorola",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Ready For Android App",
"vendor": "Motorola",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being accessible by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-22T20:30:35.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-58311"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to latest versions of Motorola Ready For and Motorola Device Help Android applications."
}
],
"source": {
"advisory": "LEN-58311",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-3898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Device Help Android App",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Motorola"
},
{
"product": {
"product_data": [
{
"product_name": "Ready For Android App",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Motorola"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being accessible by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-58311",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/LEN-58311"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to latest versions of Motorola Ready For and Motorola Device Help Android applications."
}
],
"source": {
"advisory": "LEN-58311",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-3898",
"datePublished": "2022-04-22T20:30:35.000Z",
"dateReserved": "2021-10-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:09.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3698 (GCVE-0-2021-3698)
Vulnerability from cvelistv5 – Published: 2022-03-08 14:07 – Updated: 2024-08-03 17:01| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1992149 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "cockpit",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "cockpit versions prior to 260"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-08T14:07:49.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "cockpit",
"version": {
"version_data": [
{
"version_value": "cockpit versions prior to 260"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1992149",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3698",
"datePublished": "2022-03-08T14:07:49.000Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:01:07.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3636 (GCVE-0-2021-3636)
Vulnerability from cvelistv5 – Published: 2021-07-30 19:27 – Updated: 2024-08-03 17:01- CWE-295 - >CWE-287
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1978621 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978621"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openshift",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "openshift 4.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295-\u003eCWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-30T19:27:06.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978621"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openshift",
"version": {
"version_data": [
{
"version_value": "openshift 4.8"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295-\u003eCWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1978621",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978621"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3636",
"datePublished": "2021-07-30T19:27:06.000Z",
"dateReserved": "2021-07-02T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:01:07.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3618 (GCVE-0-2021-3618)
Vulnerability from cvelistv5 – Published: 2022-03-23 00:00 – Updated: 2024-08-03 17:01{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975623"
},
{
"tags": [
"x_transferred"
],
"url": "https://alpaca-attack.com/"
},
{
"name": "[debian-lts-announce] 20221122 [SECURITY] [DLA 3203-1] nginx security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ALPACA",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "vsftpd 3.0.4, nginx 1.21.0, sendmail 8.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim\u0027s traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-23T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975623"
},
{
"url": "https://alpaca-attack.com/"
},
{
"name": "[debian-lts-announce] 20221122 [SECURITY] [DLA 3203-1] nginx security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3618",
"datePublished": "2022-03-23T00:00:00.000Z",
"dateReserved": "2021-06-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:01:07.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3460 (GCVE-0-2021-3460)
Vulnerability from cvelistv5 – Published: 2021-04-13 20:41 – Updated: 2024-08-03 16:53- CWE-295 - Improper Certificate Validation
| URL | Tags |
|---|---|
| https://motorolamentor.zendesk.com/hc/en-us/artic… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://motorolamentor.zendesk.com/hc/en-us/articles/1260804087249"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MH702x",
"vendor": "Motorola",
"versions": [
{
"lessThan": "2.0.0.301",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-13T20:41:43.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://motorolamentor.zendesk.com/hc/en-us/articles/1260804087249"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Motorola MH702x devices to firmware version 2.0.0.301."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-3460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MH702x",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.0.0.301"
}
]
}
}
]
},
"vendor_name": "Motorola"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://motorolamentor.zendesk.com/hc/en-us/articles/1260804087249",
"refsource": "MISC",
"url": "https://motorolamentor.zendesk.com/hc/en-us/articles/1260804087249"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Motorola MH702x devices to firmware version 2.0.0.301."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-3460",
"datePublished": "2021-04-13T20:41:43.000Z",
"dateReserved": "2021-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T16:53:17.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1354 (GCVE-0-2021-1354)
Vulnerability from cvelistv5 – Published: 2021-02-04 16:40 – Updated: 2024-11-08 23:52| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/C… | vendor-advisoryx_refsource_CISCO |
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Unified Computing System Central Software |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:11:16.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210203 Cisco Unified Computing System Central Software Improper Certificate Validation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-invcert-eOpRvCKH"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1354",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:49:28.998994Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T23:52:11.438Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unified Computing System Central Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Software data and Cisco UCSM inventory data."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T16:40:25.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210203 Cisco Unified Computing System Central Software Improper Certificate Validation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-invcert-eOpRvCKH"
}
],
"source": {
"advisory": "cisco-sa-ucs-invcert-eOpRvCKH",
"defect": [
[
"CSCvw35850"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Unified Computing System Central Software Improper Certificate Validation Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-02-03T16:00:00",
"ID": "CVE-2021-1354",
"STATE": "PUBLIC",
"TITLE": "Cisco Unified Computing System Central Software Improper Certificate Validation Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Unified Computing System Central Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Software data and Cisco UCSM inventory data."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210203 Cisco Unified Computing System Central Software Improper Certificate Validation Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-invcert-eOpRvCKH"
}
]
},
"source": {
"advisory": "cisco-sa-ucs-invcert-eOpRvCKH",
"defect": [
[
"CSCvw35850"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1354",
"datePublished": "2021-02-04T16:40:25.473Z",
"dateReserved": "2020-11-13T00:00:00.000Z",
"dateUpdated": "2024-11-08T23:52:11.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.