Common Weakness Enumeration

CWE-288

Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

CVE-2021-41292 (GCVE-0-2021-41292)

Vulnerability from cvelistv5 – Published: 2021-09-30 10:40 – Updated: 2024-09-17 03:32
VLAI
Title
ECOA BAS controller - Broken Authentication
Summary
ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and buildings and manipulate HVAC.
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
Vendor Product Version
ECOA ECS Router Controller ECS (FLASH) Unknown: next of 0 , < unspecified (custom)
Create a notification for this product.
ECOA RiskBuster Terminator E6L45 Unknown: next of 0 , < unspecified (custom)
Create a notification for this product.
ECOA RiskBuster System RB 3.0.0 Unknown: next of 0 , < unspecified (custom)
Create a notification for this product.
ECOA RiskBuster System TRANE 1.0 Unknown: next of 0 , < unspecified (custom)
Create a notification for this product.
ECOA Graphic Control Software Unknown: next of 0 , < unspecified (custom)
Create a notification for this product.
ECOA SmartHome II E9246 Unknown: next of 0 , < unspecified (custom)
Create a notification for this product.
ECOA RiskTerminator Unknown: next of 0 , < unspecified (custom)
Create a notification for this product.
Date Public
2021-09-30 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:08:31.993Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-5128-b075a-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ECS Router Controller ECS (FLASH)",
          "vendor": "ECOA",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "unknown",
              "version": "next of 0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "RiskBuster Terminator E6L45",
          "vendor": "ECOA",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "unknown",
              "version": "next of 0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "RiskBuster System RB 3.0.0",
          "vendor": "ECOA",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "unknown",
              "version": "next of 0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "RiskBuster System TRANE 1.0",
          "vendor": "ECOA",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "unknown",
              "version": "next of 0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Graphic Control Software",
          "vendor": "ECOA",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "unknown",
              "version": "next of 0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "SmartHome II E9246",
          "vendor": "ECOA",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "unknown",
              "version": "next of 0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "RiskTerminator",
          "vendor": "ECOA",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "unknown",
              "version": "next of 0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-09-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and buildings and manipulate HVAC."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-30T10:40:52.000Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-5128-b075a-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Contact tech support from ECOA."
        }
      ],
      "source": {
        "advisory": "TVN-202109008",
        "discovery": "EXTERNAL"
      },
      "title": "ECOA BAS controller - Broken Authentication",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2021-09-30T10:13:00.000Z",
          "ID": "CVE-2021-41292",
          "STATE": "PUBLIC",
          "TITLE": "ECOA BAS controller - Broken Authentication"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ECS Router Controller ECS (FLASH)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "?\u003e",
                            "version_value": "0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RiskBuster Terminator E6L45",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "?\u003e",
                            "version_value": "0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RiskBuster System RB 3.0.0",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "?\u003e",
                            "version_value": "0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RiskBuster System TRANE 1.0",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "?\u003e",
                            "version_value": "0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Graphic Control Software",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "?\u003e",
                            "version_value": "0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SmartHome II E9246",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "?\u003e",
                            "version_value": "0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RiskTerminator",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "?\u003e",
                            "version_value": "0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ECOA"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and buildings and manipulate HVAC."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-5128-b075a-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-5128-b075a-1.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Contact tech support from ECOA."
          }
        ],
        "source": {
          "advisory": "TVN-202109008",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2021-41292",
    "datePublished": "2021-09-30T10:40:52.625Z",
    "dateReserved": "2021-09-15T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:32:30.239Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-41992 (GCVE-0-2021-41992)

Vulnerability from cvelistv5 – Published: 2022-04-30 21:15 – Updated: 2024-08-04 03:22
VLAI
Title
PingID Windows Login RSA cryptographic weakness with possible offline MFA bypass
Summary
A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.
CWE
  • CWE-310 - Cryptographic Issues
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
Vendor Product Version
Ping Identity PingID Windows Login Affected: unspecified , < 2.7 (custom)
Create a notification for this product.
Credits
Ping Identity credits The Commonwealth Bank of Australia for the discovery of this vulnerability.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:25.674Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.pingidentity.com/en/resources/downloads/pingid.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.pingidentity.com/bundle/pingid/page/klc1641469599716.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Windows"
          ],
          "product": "PingID Windows Login",
          "vendor": "Ping Identity",
          "versions": [
            {
              "lessThan": "2.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ping Identity credits The Commonwealth Bank of Australia for the discovery of this vulnerability."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-310",
              "description": "CWE-310 Cryptographic Issues",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-30T21:15:19.000Z",
        "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "shortName": "Ping Identity"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.pingidentity.com/en/resources/downloads/pingid.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.pingidentity.com/bundle/pingid/page/klc1641469599716.html"
        }
      ],
      "source": {
        "advisory": "SECADV030",
        "discovery": "EXTERNAL"
      },
      "title": "PingID Windows Login RSA cryptographic weakness with possible offline MFA bypass",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "responsible-disclosure@pingidentity.com",
          "ID": "CVE-2021-41992",
          "STATE": "PUBLIC",
          "TITLE": "PingID Windows Login RSA cryptographic weakness with possible offline MFA bypass"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PingID Windows Login",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_value": "2.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Ping Identity"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Ping Identity credits The Commonwealth Bank of Australia for the discovery of this vulnerability."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-310 Cryptographic Issues"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.pingidentity.com/en/resources/downloads/pingid.html",
              "refsource": "MISC",
              "url": "https://www.pingidentity.com/en/resources/downloads/pingid.html"
            },
            {
              "name": "https://docs.pingidentity.com/bundle/pingid/page/klc1641469599716.html",
              "refsource": "MISC",
              "url": "https://docs.pingidentity.com/bundle/pingid/page/klc1641469599716.html"
            }
          ]
        },
        "source": {
          "advisory": "SECADV030",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
    "assignerShortName": "Ping Identity",
    "cveId": "CVE-2021-41992",
    "datePublished": "2022-04-30T21:15:19.000Z",
    "dateReserved": "2021-10-04T00:00:00.000Z",
    "dateUpdated": "2024-08-04T03:22:25.674Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-41995 (GCVE-0-2021-41995)

Vulnerability from cvelistv5 – Published: 2022-06-30 19:25 – Updated: 2024-08-04 03:22
VLAI
Title
PingID Mac Login prior to 1.1 vulnerable to pre-computed dictionary attacks
Summary
A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.
CWE
  • CWE-310 - Cryptographic Issues
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
Vendor Product Version
Ping Identity PingID Mac Login Affected: unspecified , < 1.1 (custom)
Create a notification for this product.
Credits
Ping Identity credits The Commonwealth Bank of Australia for the discovery of this vulnerability.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:25.641Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.pingidentity.com/en/resources/downloads/pingid.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.pingidentity.com/bundle/pingid/page/hnh1653583508549.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "macOS"
          ],
          "product": "PingID Mac Login",
          "vendor": "Ping Identity",
          "versions": [
            {
              "lessThan": "1.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ping Identity credits The Commonwealth Bank of Australia for the discovery of this vulnerability."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-310",
              "description": "CWE-310 Cryptographic Issues",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-30T19:25:23.000Z",
        "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "shortName": "Ping Identity"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.pingidentity.com/en/resources/downloads/pingid.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.pingidentity.com/bundle/pingid/page/hnh1653583508549.html"
        }
      ],
      "source": {
        "advisory": "SECADV031",
        "discovery": "EXTERNAL"
      },
      "title": "PingID Mac Login prior to 1.1 vulnerable to pre-computed dictionary attacks",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "responsible-disclosure@pingidentity.com",
          "ID": "CVE-2021-41995",
          "STATE": "PUBLIC",
          "TITLE": "PingID Mac Login prior to 1.1 vulnerable to pre-computed dictionary attacks"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PingID Mac Login",
                      "version": {
                        "version_data": [
                          {
                            "platform": "macOS",
                            "version_affected": "\u003c",
                            "version_value": "1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Ping Identity"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Ping Identity credits The Commonwealth Bank of Australia for the discovery of this vulnerability."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-310 Cryptographic Issues"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.pingidentity.com/en/resources/downloads/pingid.html",
              "refsource": "MISC",
              "url": "https://www.pingidentity.com/en/resources/downloads/pingid.html"
            },
            {
              "name": "https://docs.pingidentity.com/bundle/pingid/page/hnh1653583508549.html",
              "refsource": "MISC",
              "url": "https://docs.pingidentity.com/bundle/pingid/page/hnh1653583508549.html"
            }
          ]
        },
        "source": {
          "advisory": "SECADV031",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
    "assignerShortName": "Ping Identity",
    "cveId": "CVE-2021-41995",
    "datePublished": "2022-06-30T19:25:23.000Z",
    "dateReserved": "2021-10-04T00:00:00.000Z",
    "dateUpdated": "2024-08-04T03:22:25.641Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-4353 (GCVE-0-2021-4353)

Vulnerability from cvelistv5 – Published: 2023-10-20 06:35 – Updated: 2026-04-08 16:55
VLAI
Title
WooCommerce Dynamic Pricing and Discounts <= 2.4.1 - Unauthenticated Settings Import/Export
Summary
The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export() function which makes makes it possible for unauthenticated attackers to export the plugin's settings.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Credits
Jerome Bruandet
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:23:10.457Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5c1e6685-44a7-452e-89ab-b9fffb65a12b?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.nintechnet.com/woocommerce-dynamic-pricing-and-discounts-plugin-fixed-multiple-vulnerabilities/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-4353",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-16T18:15:54.725255Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-16T18:16:07.197Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WooCommerce Dynamic Pricing and Discounts",
          "vendor": "RightPress",
          "versions": [
            {
              "lessThan": "2.4.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jerome Bruandet"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export() function which makes makes it possible for unauthenticated attackers to export the plugin\u0027s settings."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:55:32.168Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5c1e6685-44a7-452e-89ab-b9fffb65a12b?source=cve"
        },
        {
          "url": "https://blog.nintechnet.com/woocommerce-dynamic-pricing-and-discounts-plugin-fixed-multiple-vulnerabilities/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2021-08-31T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "WooCommerce Dynamic Pricing and Discounts \u003c= 2.4.1 - Unauthenticated Settings Import/Export"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2021-4353",
    "datePublished": "2023-10-20T06:35:25.115Z",
    "dateReserved": "2023-06-06T12:46:11.570Z",
    "dateUpdated": "2026-04-08T16:55:32.168Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-4373 (GCVE-0-2021-4373)

Vulnerability from cvelistv5 – Published: 2023-06-07 01:51 – Updated: 2026-04-08 17:24
VLAI
Title
Better Search <= 2.5.2 - Cross-Site Request Forgery to Settings Import
Summary
The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to import settings via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Credits
Jerome Bruandet
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:23:10.723Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cfc6c595-dad2-4abc-8187-ed72355273b8?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset/2473344"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-4373",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-23T16:00:50.855142Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-23T16:20:59.529Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Better Search \u2013 Relevant search results for WordPress",
          "vendor": "ajay",
          "versions": [
            {
              "lessThan": "2.5.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jerome Bruandet"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to import settings via forged request granted they can trick a site administrator into performing an action such as clicking on a link."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:24:42.876Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cfc6c595-dad2-4abc-8187-ed72355273b8?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/2473344"
        },
        {
          "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2021-03-01T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Better Search \u003c= 2.5.2 - Cross-Site Request Forgery to Settings Import"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2021-4373",
    "datePublished": "2023-06-07T01:51:43.709Z",
    "dateReserved": "2023-06-06T13:18:29.478Z",
    "dateUpdated": "2026-04-08T17:24:42.876Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-43935 (GCVE-0-2021-43935)

Vulnerability from cvelistv5 – Published: 2021-12-15 18:05 – Updated: 2024-09-16 23:11
VLAI
Title
ICSMA-21-343-01 Hillrom Welch Allyn Cardio Products
Summary
The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges.
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Date Public
2021-12-09 00:00
Credits
Hillrom reported this vulnerability to CISA
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:10:16.298Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Welch Allyn Q-Stress Cardiac Stress Testing System",
          "vendor": "Hillrom",
          "versions": [
            {
              "lessThanOrEqual": "6.3.1",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Welch Allyn X-Scribe Cardiac Stress Testing System",
          "vendor": "Hillrom",
          "versions": [
            {
              "lessThanOrEqual": "6.3.1",
              "status": "affected",
              "version": "5.01",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Welch Allyn Diagnostic Cardiology Suite",
          "vendor": "Hillrom",
          "versions": [
            {
              "status": "affected",
              "version": "2.1.0"
            }
          ]
        },
        {
          "product": "Welch Allyn Vision Express",
          "vendor": "Hillrom",
          "versions": [
            {
              "lessThanOrEqual": "6.4.0",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Welch Allyn H-Scribe Holter Analysis System",
          "vendor": "Hillrom",
          "versions": [
            {
              "lessThanOrEqual": "6.4.0",
              "status": "affected",
              "version": "5.01",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Welch Allyn R-Scribe Resting ECG System",
          "vendor": "Hillrom",
          "versions": [
            {
              "lessThanOrEqual": "7.0.0",
              "status": "affected",
              "version": "5.01",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Welch Allyn Connex Cardio",
          "vendor": "Hillrom",
          "versions": [
            {
              "lessThanOrEqual": "1.1.1",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Hillrom reported this vulnerability to CISA"
        }
      ],
      "datePublic": "2021-12-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-15T18:05:16.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Hillrom recommends users upgrade to the latest product versions when updated products are available. Information on how to update these products to their new versions can be found on the Hillrom disclosure page."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "ICSMA-21-343-01 Hillrom Welch Allyn Cardio Products",
      "workarounds": [
        {
          "lang": "en",
          "value": "-Disable the SSO feature in the respective Modality Manager Configuration settings. Please refer to the instructions for use (IFU) and/or service manual for instructions on how to disable SSO.\n-Apply proper network and physical security controls.\n-Apply authentication for server access."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2021-12-09T17:10:00.000Z",
          "ID": "CVE-2021-43935",
          "STATE": "PUBLIC",
          "TITLE": "ICSMA-21-343-01 Hillrom Welch Allyn Cardio Products"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Welch Allyn Q-Stress Cardiac Stress Testing System",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "6.0.0",
                            "version_value": "6.3.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Welch Allyn X-Scribe Cardiac Stress Testing System",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "5.01",
                            "version_value": "6.3.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Welch Allyn Diagnostic Cardiology Suite",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "2.1.0",
                            "version_value": "2.1.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Welch Allyn Vision Express",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "6.1.0",
                            "version_value": "6.4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Welch Allyn H-Scribe Holter Analysis System",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "5.01",
                            "version_value": "6.4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Welch Allyn R-Scribe Resting ECG System",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "5.01",
                            "version_value": "7.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Welch Allyn Connex Cardio",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.0.0",
                            "version_value": "1.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Hillrom"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Hillrom reported this vulnerability to CISA"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Hillrom recommends users upgrade to the latest product versions when updated products are available. Information on how to update these products to their new versions can be found on the Hillrom disclosure page."
          }
        ],
        "source": {
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "-Disable the SSO feature in the respective Modality Manager Configuration settings. Please refer to the instructions for use (IFU) and/or service manual for instructions on how to disable SSO.\n-Apply proper network and physical security controls.\n-Apply authentication for server access."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2021-43935",
    "datePublished": "2021-12-15T18:05:16.799Z",
    "dateReserved": "2021-11-16T00:00:00.000Z",
    "dateUpdated": "2024-09-16T23:11:47.219Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-43985 (GCVE-0-2021-43985)

Vulnerability from cvelistv5 – Published: 2021-12-23 19:48 – Updated: 2024-09-16 17:14
VLAI
Title
mySCADA myPRO
Summary
An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization.
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
Vendor Product Version
mySCADA myPRO Affected: All , ≤ 8.20.0 (custom)
Create a notification for this product.
Date Public
2021-12-21 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:10:17.143Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "myPRO",
          "vendor": "mySCADA",
          "versions": [
            {
              "lessThanOrEqual": "8.20.0",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-12-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-23T19:48:40.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
        }
      ],
      "source": {
        "advisory": "ICSA-21-355-01",
        "discovery": "UNKNOWN"
      },
      "title": "mySCADA myPRO",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2021-12-21T17:26:00.000Z",
          "ID": "CVE-2021-43985",
          "STATE": "PUBLIC",
          "TITLE": "mySCADA myPRO"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "myPRO",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "All",
                            "version_value": "8.20.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "mySCADA"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
          }
        ],
        "source": {
          "advisory": "ICSA-21-355-01",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2021-43985",
    "datePublished": "2021-12-23T19:48:40.631Z",
    "dateReserved": "2021-11-17T00:00:00.000Z",
    "dateUpdated": "2024-09-16T17:14:15.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0992 (GCVE-0-2022-0992)

Vulnerability from cvelistv5 – Published: 2022-04-19 20:26 – Updated: 2026-04-08 16:59
VLAI
Title
SiteGround Security <= 1.2.5 - Authentication Bypass via 2FA Setup
Summary
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA for pending accounts. Upon successful configuration, the attacker is logged in as that user without access to a username/password pair which is the expected first form of authentication. This affects versions up to, and including, 1.2.5.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
  • CWE-306 - Missing Authentication for Critical Function
Assigner
Impacted products
Credits
Chloe Chamberland
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:47:42.986Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e5c6bf7-a653-4571-9566-574d2bb35c4f?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/blog/2022/04/critical-authentication-bypass-vulnerability-patched-in-siteground-security-plugin/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset/2706302"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-0992",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:17:59.562151Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-306",
                "description": "CWE-306 Missing Authentication for Critical Function",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T16:43:36.718Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Security Optimizer \u2013 The All-In-One Protection Plugin",
          "vendor": "siteground",
          "versions": [
            {
              "lessThanOrEqual": "1.2.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Chloe Chamberland"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA for pending accounts. Upon successful configuration, the attacker is logged in as that user without access to a username/password pair which is the expected first form of authentication. This affects versions up to, and including, 1.2.5."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:59:40.026Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e5c6bf7-a653-4571-9566-574d2bb35c4f?source=cve"
        },
        {
          "url": "https://www.wordfence.com/blog/2022/04/critical-authentication-bypass-vulnerability-patched-in-siteground-security-plugin/"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/2706302"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2022-04-06T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "SiteGround Security \u003c= 1.2.5 - Authentication Bypass via 2FA Setup"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2022-0992",
    "datePublished": "2022-04-19T20:26:33.000Z",
    "dateReserved": "2022-03-16T00:00:00.000Z",
    "dateUpdated": "2026-04-08T16:59:40.026Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-1067 (GCVE-0-2022-1067)

Vulnerability from cvelistv5 – Published: 2022-04-11 19:38 – Updated: 2025-04-16 16:31
VLAI
Title
ICSMA-22-095-01 LifePoint Informatics Patient Portal
Summary
Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
Vendor Product Version
LifePoint Informatics Patient Portal Affected: All , < LPI 3.5.12.P30 (custom)
Create a notification for this product.
Date Public
2022-04-05 00:00
Credits
Andrew Perrong reported this vulnerability to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:47:43.331Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-095-01"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-1067",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:54:50.788273Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:31:04.569Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Patient Portal",
          "vendor": "LifePoint Informatics",
          "versions": [
            {
              "lessThan": "LPI 3.5.12.P30",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Andrew Perrong reported this vulnerability to CISA."
        }
      ],
      "datePublic": "2022-04-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-11T19:38:15.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-095-01"
        }
      ],
      "source": {
        "advisory": "ICSMA-22-095-01",
        "discovery": "EXTERNAL"
      },
      "title": "ICSMA-22-095-01 LifePoint Informatics Patient Portal",
      "workarounds": [
        {
          "lang": "en",
          "value": "LifePoint Informatics released and deployed updated Version LPI 3.5.15 in February of 2022, which mitigated this vulnerability. LifePoint Informatics Patient Portal is a hosted application and users don\u2019t need to take any action."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2022-04-05T17:00:00.000Z",
          "ID": "CVE-2022-1067",
          "STATE": "PUBLIC",
          "TITLE": "ICSMA-22-095-01 LifePoint Informatics Patient Portal"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Patient Portal",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "All",
                            "version_value": "LPI 3.5.12.P30"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "LifePoint Informatics"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Andrew Perrong reported this vulnerability to CISA."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-095-01",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-095-01"
            }
          ]
        },
        "source": {
          "advisory": "ICSMA-22-095-01",
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "LifePoint Informatics released and deployed updated Version LPI 3.5.15 in February of 2022, which mitigated this vulnerability. LifePoint Informatics Patient Portal is a hosted application and users don\u2019t need to take any action."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-1067",
    "datePublished": "2022-04-11T19:38:15.631Z",
    "dateReserved": "2022-03-24T00:00:00.000Z",
    "dateUpdated": "2025-04-16T16:31:04.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1681 (GCVE-0-2022-1681)

Vulnerability from cvelistv5 – Published: 2022-05-12 07:45 – Updated: 2024-08-03 00:10
VLAI
Title
Authentication Bypass Using an Alternate Path or Channel in requarks/wiki
Summary
Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
Vendor Product Version
requarks requarks/wiki Affected: unspecified , < 2.5.281 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:10:03.788Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/591b11e1-7504-4a96-99c6-08f2b419e767"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/requarks/wiki/commit/78d02dc8e5d103d248e5d7632bf7a6facdf4264c"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "requarks/wiki",
          "vendor": "requarks",
          "versions": [
            {
              "lessThan": "2.5.281",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-12T07:45:14.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/591b11e1-7504-4a96-99c6-08f2b419e767"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/requarks/wiki/commit/78d02dc8e5d103d248e5d7632bf7a6facdf4264c"
        }
      ],
      "source": {
        "advisory": "591b11e1-7504-4a96-99c6-08f2b419e767",
        "discovery": "EXTERNAL"
      },
      "title": "Authentication Bypass Using an Alternate Path or Channel in requarks/wiki",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-1681",
          "STATE": "PUBLIC",
          "TITLE": "Authentication Bypass Using an Alternate Path or Channel in requarks/wiki"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "requarks/wiki",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "2.5.281"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "requarks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/591b11e1-7504-4a96-99c6-08f2b419e767",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/591b11e1-7504-4a96-99c6-08f2b419e767"
            },
            {
              "name": "https://github.com/requarks/wiki/commit/78d02dc8e5d103d248e5d7632bf7a6facdf4264c",
              "refsource": "MISC",
              "url": "https://github.com/requarks/wiki/commit/78d02dc8e5d103d248e5d7632bf7a6facdf4264c"
            }
          ]
        },
        "source": {
          "advisory": "591b11e1-7504-4a96-99c6-08f2b419e767",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-1681",
    "datePublished": "2022-05-12T07:45:14.000Z",
    "dateReserved": "2022-05-12T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:10:03.788Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation

Phase: Architecture and Design

Description:

  • Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.

Back to CWE stats page