CVE-2021-27450 - OpenCVE

SSH server configuration file does not implement some best practices. This could lead to a weakening of the SSH protocol strength, which could lead to additional misconfiguration or be leveraged as part of a larger attack on the MU320E (all firmware versions prior to v04A00.1).

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ge	Mu320e Mu320e Firmware

Configuration 1 [-]

AND

cpe:2.3:o:ge:mu320e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:mu320e:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://us-cert.cisa.gov/ics/advisories/icsa-21-082-02

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2021-03-25T19:30:27

Updated: 2024-08-03T20:48:17.146Z

Reserved: 2021-02-19T00:00:00

Link: CVE-2021-27450

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-03-25T20:15:13.163

Modified: 2021-03-29T19:20:07.520

Link: CVE-2021-27450

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "MU320E", "vendor": "n/a", "versions": [{"status": "affected", "version": "All firmware versions prior to v04A00.1"}]}], "descriptions": [{"lang": "en", "value": "SSH server configuration file does not implement some best practices. This could lead to a weakening of the SSH protocol strength, which could lead to additional misconfiguration or be leveraged as part of a larger attack on the MU320E (all firmware versions prior to v04A00.1)."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-326", "description": "INADEQUATE ENCRYPTION STRENGTH CWE-326", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-25T19:30:27", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-27450", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MU320E", "version": {"version_data": [{"version_value": "All firmware versions prior to v04A00.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SSH server configuration file does not implement some best practices. This could lead to a weakening of the SSH protocol strength, which could lead to additional misconfiguration or be leveraged as part of a larger attack on the MU320E (all firmware versions prior to v04A00.1)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "INADEQUATE ENCRYPTION STRENGTH CWE-326"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-02"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:48:17.146Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-02"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-27450", "datePublished": "2021-03-25T19:30:27", "dateReserved": "2021-02-19T00:00:00", "dateUpdated": "2024-08-03T20:48:17.146Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:mu320e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2B7FF17-31E3-4B8F-B1BE-DF91D6A0E654", "versionEndExcluding": "04a00.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:mu320e:-:*:*:*:*:*:*:*", "matchCriteriaId": "929DAA0C-CE27-4EE4-BD2A-14C55E3B4CEB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SSH server configuration file does not implement some best practices. This could lead to a weakening of the SSH protocol strength, which could lead to additional misconfiguration or be leveraged as part of a larger attack on the MU320E (all firmware versions prior to v04A00.1)."}, {"lang": "es", "value": "Un archivo de configuraci\u00f3n del servidor SSH no implementa algunas de las mejores pr\u00e1cticas. Esto podr\u00eda conllevar a un debilitamiento de la fuerza del protocolo SSH, lo que podr\u00eda conllevar a una configuraci\u00f3n incorrecta adicional o aprovecharse como parte de un ataque mayor en el MU320E (todas las versiones de firmware anteriores a la v04A00.1)"}], "id": "CVE-2021-27450", "lastModified": "2021-03-29T19:20:07.520", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-25T20:15:13.163", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-082-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}