CVE-2021-33600 - OpenCVE

A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
F-secure	Internet Gatekeeper

Configuration 1 [-]

cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame
https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33600

History

No history.

MITRE

Status: PUBLISHED

Assigner: F-SecureUS

Published: 2021-09-28T09:06:55

Updated: 2024-08-03T23:50:43.178Z

Reserved: 2021-05-27T00:00:00

Link: CVE-2021-33600

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-09-28T10:15:08.100

Modified: 2021-10-08T13:28:15.567

Link: CVE-2021-33600

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "F-Secure Internet Gatekeeper", "vendor": "F-Secure", "versions": [{"status": "affected", "version": "5 Series All Version "}]}], "descriptions": [{"lang": "en", "value": "A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Denial of Service Vulnerability in Web Interface of F-Secure Internet Gatekeeper", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-09-28T09:06:55", "orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f", "shortName": "F-SecureUS"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"}, {"tags": ["x_refsource_MISC"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33600"}], "solutions": [{"lang": "en", "value": "FIX: Hotfix 9 will be published to fix this vulnerability. Download and instructions available at: https://www.f-secure.com/en/business/downloads/internet-gatekeeper"}], "source": {"discovery": "EXTERNAL"}, "title": "Denial of Service Vulnerability in Web Interface of F-Secure Internet Gatekeeper", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-notifications-us@f-secure.com", "ID": "CVE-2021-33600", "STATE": "PUBLIC", "TITLE": "Denial of Service Vulnerability in Web Interface of F-Secure Internet Gatekeeper"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "F-Secure Internet Gatekeeper", "version": {"version_data": [{"version_affected": "=", "version_name": "5 Series", "version_value": "All Version "}]}}]}, "vendor_name": "F-Secure"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service Vulnerability in Web Interface of F-Secure Internet Gatekeeper"}]}]}, "references": {"reference_data": [{"name": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame", "refsource": "MISC", "url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"}, {"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33600", "refsource": "MISC", "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33600"}]}, "solution": [{"lang": "en", "value": "FIX: Hotfix 9 will be published to fix this vulnerability. Download and instructions available at: https://www.f-secure.com/en/business/downloads/internet-gatekeeper"}], "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:50:43.178Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33600"}]}]}, "cveMetadata": {"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f", "assignerShortName": "F-SecureUS", "cveId": "CVE-2021-33600", "datePublished": "2021-09-28T09:06:55", "dateReserved": "2021-05-27T00:00:00", "dateUpdated": "2024-08-03T23:50:43.178Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*", "matchCriteriaId": "936FB1DB-B0AF-4E46-AFB0-FF10D9A008DD", "versionEndIncluding": "5.50.47", "versionStartIncluding": "5.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en la interfaz de usuario web de F-Secure Internet Gatekeeper. La vulnerabilidad se produce porque un atacante puede desencadenar una aserci\u00f3n por medio de un paquete HTTP malformado a la interfaz web. Un atacante no autenticado podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un par\u00e1metro de nombre de usuario grande. Una explotaci\u00f3n con \u00e9xito podr\u00eda conllevar a una denegaci\u00f3n de servicio del producto"}], "id": "CVE-2021-33600", "lastModified": "2021-10-08T13:28:15.567", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "cve-notifications-us@f-secure.com", "type": "Secondary"}]}, "published": "2021-09-28T10:15:08.100", "references": [{"source": "cve-notifications-us@f-secure.com", "tags": ["Vendor Advisory"], "url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"}, {"source": "cve-notifications-us@f-secure.com", "tags": ["Vendor Advisory"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33600"}], "sourceIdentifier": "cve-notifications-us@f-secure.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "nvd@nist.gov", "type": "Primary"}]}