Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Auerswald
  • Commander 6000r Ip
  • Commander 6000r Ip Firmware
  • Commander 6000rx Ip
  • Commander 6000rx Ip Firmware
  • Commander Basic.2\(19\"\) Ip
  • Commander Basic.2\(19\"\) Ip Firmware
  • Commander Business\(19\"\) Ip
  • Commander Business\(19\"\) Ip Firmware
  • Compact 4000 Ip Firmware
  • Compact 4000r Ip
  • Compact 5000r Ip
  • Compact 5000r Ip Firmware
  • Compact 5010 Voip Ip
  • Compact 5010 Voip Ip Firmware
  • Compact 5020 Voip Ip
  • Compact 5020 Voip Ip Firmware
  • Compact 5200r Ip
  • Compact 5200r Ip Firmware
  • Compact 5500r Ip
  • Compact 5500r Ip Firmware

Configuration 1 [-]

AND
cpe:2.3:o:auerswald:compact_5500r_ip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:auerswald:compact_5500r_ip:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:auerswald:compact_5200r_ip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:auerswald:compact_5200r_ip:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:auerswald:compact_5000r_ip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:auerswald:compact_5000r_ip:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:auerswald:compact_4000_ip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:auerswald:compact_4000r_ip:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:auerswald:commander_6000r_ip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:auerswald:commander_6000r_ip:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:auerswald:commander_6000rx_ip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:auerswald:commander_6000rx_ip:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:auerswald:commander_business\(19\"\)_ip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:auerswald:commander_business\(19\"\)_ip:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:auerswald:commander_basic.2\(19\"\)_ip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:auerswald:commander_basic.2\(19\"\)_ip:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:auerswald:compact_5010_voip_ip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:auerswald:compact_5010_voip_ip:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:auerswald:compact_5020_voip_ip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:auerswald:compact_5020_voip_ip:-:*:*:*:*:*:*:*

No data.

References
Link Providers
http://packetstormsecurity.com/files/165163/Auerswald-COMpact-8.0B-Privilege-Escalation.html cve-icon cve-icon
https://www.redteam-pentesting.de/advisories/rt-sa-2021-005 cve-icon cve-icon
https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-12-13T03:24:17

Updated: 2024-08-04T02:51:07.415Z

Reserved: 2021-09-10T00:00:00

Link: CVE-2021-40857

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-12-13T04:15:07.023

Modified: 2024-11-21T06:24:56.803

Link: CVE-2021-40857

cve-icon Redhat

No data.