CVE-2021-40836 - Vulnerability Details

Vendors	Products
Apple	Macos
F-secure	Atlant Elements Endpoint Detection And Response Elements Endpoint Protection Internet Gatekeeper Linux Security Linux Security 64
Microsoft	Windows

Link	Providers
https://www.f-secure.com/en/business/support-and-downloads/security-advisories

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit)  F-Secure Linux Security 64  F-Secure Atlant & F-Secure Internet Gatekeeper", "vendor": "F-Secure", "versions": [{"status": "affected", "version": "All Version "}]}], "descriptions": [{"lang": "en", "value": "A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Denial of Service Vulnerability ", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-12-22T18:07:19", "orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f", "shortName": "F-SecureUS"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}], "solutions": [{"lang": "en", "value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn update 2021-12-13_07"}], "source": {"discovery": "EXTERNAL"}, "title": "Denial-of-Service (DoS) Vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-notifications-us@f-secure.com", "ID": "CVE-2021-40836", "STATE": "PUBLIC", "TITLE": "Denial-of-Service (DoS) Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit)  F-Secure Linux Security 64  F-Secure Atlant & F-Secure Internet Gatekeeper", "version": {"version_data": [{"version_affected": "=", "version_value": "All Version "}]}}]}, "vendor_name": "F-Secure"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service Vulnerability "}]}]}, "references": {"reference_data": [{"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories", "refsource": "MISC", "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}]}, "solution": [{"lang": "en", "value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn update 2021-12-13_07"}], "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:51:07.487Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}]}]}, "cveMetadata": {"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f", "assignerShortName": "F-SecureUS", "cveId": "CVE-2021-40836", "datePublished": "2021-12-22T11:14:42", "dateReserved": "2021-09-09T00:00:00", "dateUpdated": "2024-08-04T02:51:07.487Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant & F-Secure Internet Gatekeeper (string)

vendor : F-Secure (string)

versions : [ »

0 : { »

status : affected (string)

version : All Version (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 4.6 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L (string)

version : 3.1 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Denial of Service Vulnerability (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-12-22T18:07:19 (string)

orgId : 126858f1-1b65-4b74-81ca-7034f7f7723f (string)

shortName : F-SecureUS (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.f-secure.com/en/business/support-and-downloads/security-advisories (string)

}

]

solutions : [ »

0 : { »

lang : en (string)

value : FIX No User action is required. The required fix has been published through automatic update channel with Capricorn update 2021-12-13_07 (string)

}

]

source : { »

discovery : EXTERNAL (string)

}

title : Denial-of-Service (DoS) Vulnerability (string)

x_generator : { »

engine : Vulnogram 0.0.9 (string)

}

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve-notifications-us@f-secure.com (string)

ID : CVE-2021-40836 (string)

STATE : PUBLIC (string)

TITLE : Denial-of-Service (DoS) Vulnerability (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant & F-Secure Internet Gatekeeper (string)

version : { »

version_data : [ »

0 : { »

version_affected : = (string)

version_value : All Version (string)

}

]

}

]

}

vendor_name : F-Secure (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. (string)

}

]

}

generator : { »

engine : Vulnogram 0.0.9 (string)

}

impact : { »

cvss : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 4.6 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L (string)

version : 3.1 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Denial of Service Vulnerability (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.f-secure.com/en/business/support-and-downloads/security-advisories (string)

refsource : MISC (string)

url : https://www.f-secure.com/en/business/support-and-downloads/security-advisories (string)

}

]

}

solution : [ »

0 : { »

lang : en (string)

value : FIX No User action is required. The required fix has been published through automatic update channel with Capricorn update 2021-12-13_07 (string)

}

]

source : { »

discovery : EXTERNAL (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T02:51:07.487Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.f-secure.com/en/business/support-and-downloads/security-advisories (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 126858f1-1b65-4b74-81ca-7034f7f7723f (string)

assignerShortName : F-SecureUS (string)

cveId : CVE-2021-40836 (string)

datePublished : 2021-12-22T11:14:42 (string)

dateReserved : 2021-09-09T00:00:00 (string)

dateUpdated : 2024-08-04T02:51:07.487Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C97DC3C-1B63-4B57-8C62-ACD77D0A3E71", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*", "matchCriteriaId": "88F6E1F2-02DA-48EE-B127-4933CCC80C5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:x86:*", "matchCriteriaId": "F0152E70-F7A9-4785-8A43-78472F9A2C13", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:linux_security_64:*:*:*:*:*:*:*:*", "matchCriteriaId": "360DBC2B-2B93-461E-90C6-60C55FBD87B8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f-secure:elements_endpoint_detection_and_response:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F97045C-E576-49D3-9630-072E26F7D64F", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DFC1F94-8A8B-42E2-887B-EE8FB3C9130D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad que afecta al motor antivirus de F-Secure por la que el an\u00e1lisis de archivos .pst de MS outlook puede conllevar a una denegaci\u00f3n de servicio. La vulnerabilidad puede ser explotada remotamente por un atacante. Un ataque con \u00e9xito resultar\u00e1 en una denegaci\u00f3n de servicio del motor antivirus. Corregido en la actualizaci\u00f3n Capricorn 13-12-2021_07"}], "id": "CVE-2021-40836", "lastModified": "2024-11-21T06:24:53.407", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 2.5, "source": "cve-notifications-us@f-secure.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-22T12:15:07.827", "references": [{"source": "cve-notifications-us@f-secure.com", "tags": ["Vendor Advisory"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}], "sourceIdentifier": "cve-notifications-us@f-secure.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 0C97DC3C-1B63-4B57-8C62-ACD77D0A3E71 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 88F6E1F2-02DA-48EE-B127-4933CCC80C5C (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:x86:* (string)

matchCriteriaId : F0152E70-F7A9-4785-8A43-78472F9A2C13 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:f-secure:linux_security_64:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 360DBC2B-2B93-461E-90C6-60C55FBD87B8 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f-secure:elements_endpoint_detection_and_response:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7F97045C-E576-49D3-9630-072E26F7D64F (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6DFC1F94-8A8B-42E2-887B-EE8FB3C9130D (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 387021A0-AF36-463C-A605-32EA7DAC172E (string)

vulnerable : false (boolean)

}

1 : { »

criteria : cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A2572D17-1DE6-457B-99CC-64AFD54487EA (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. (string)

}

1 : { »

lang : es (string)

value : Se ha detectado una vulnerabilidad que afecta al motor antivirus de F-Secure por la que el análisis de archivos .pst de MS outlook puede conllevar a una denegación de servicio. La vulnerabilidad puede ser explotada remotamente por un atacante. Un ataque con éxito resultará en una denegación de servicio del motor antivirus. Corregido en la actualización Capricorn 13-12-2021_07 (string)

}

]

id : CVE-2021-40836 (string)

lastModified : 2024-11-21T06:24:53.407 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4.3 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:M/Au:N/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 4.6 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L (string)

version : 3.1 (string)

}

exploitabilityScore : 2.1 (number)

impactScore : 2.5 (number)

source : cve-notifications-us@f-secure.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-12-22T12:15:07.827 (string)

references : [ »

0 : { »

source : cve-notifications-us@f-secure.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.f-secure.com/en/business/support-and-downloads/security-advisories (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.f-secure.com/en/business/support-and-downloads/security-advisories (string)

}

]

sourceIdentifier : cve-notifications-us@f-secure.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object