CVE-2021-44769 - OpenCVE

An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS) condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lannerinc	Iac-ast2500a Iac-ast2500a Firmware

Configuration 1 [-]

AND

cpe:2.3:o:lannerinc:iac-ast2500a_firmware:1.10.0:*:*:*:*:*:*:*

cpe:2.3:h:lannerinc:iac-ast2500a:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/
https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-44769/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Nozomi

Published: 2022-10-24T00:00:00

Updated: 2024-08-04T04:32:13.286Z

Reserved: 2022-05-13T00:00:00

Link: CVE-2021-44769

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-10-24T14:15:49.733

Modified: 2023-02-03T15:10:48.427

Link: CVE-2021-44769

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-44769", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "assignerShortName": "Nozomi", "dateUpdated": "2024-08-04T04:32:13.286Z", "dateReserved": "2022-05-13T00:00:00", "datePublished": "2022-10-24T00:00:00"}, "containers": {"cna": {"title": "TLS Certificate Generation Function Improper Input Validation", "providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2022-12-01T00:00:00"}, "descriptions": [{"lang": "en", "value": "An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS) condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0."}], "affected": [{"vendor": "Lanner Inc", "product": "IAC-AST2500A", "versions": [{"version": "1.10.0", "status": "affected"}]}], "references": [{"url": "https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/"}, {"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-44769/"}], "credits": [{"lang": "en", "value": "Andrea Palanca of Nozomi Networks found this bug during a security research activity."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-20 Improper Input Validation", "cweId": "CWE-20"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-44769/", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:32:13.286Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/", "tags": ["x_transferred"]}, {"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-44769/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lannerinc:iac-ast2500a_firmware:1.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DD71184-078B-4B7E-BCB5-11E55B5928B7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lannerinc:iac-ast2500a:-:*:*:*:*:*:*:*", "matchCriteriaId": "9007683B-45DA-471A-9CCB-A587DED8D973", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS) condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0."}, {"lang": "es", "value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en la funci\u00f3n de generaci\u00f3n de certificados TLS permite a un atacante causar una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) que s\u00f3lo puede revertirse por medio de un restablecimiento de f\u00e1brica. Este problema afecta a: Lanner Inc IAC-AST2500A versi\u00f3n de firmware est\u00e1ndar 1.10.0"}], "id": "CVE-2021-44769", "lastModified": "2023-02-03T15:10:48.427", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "prodsec@nozominetworks.com", "type": "Secondary"}]}, "published": "2022-10-24T14:15:49.733", "references": [{"source": "prodsec@nozominetworks.com", "tags": ["Third Party Advisory"], "url": "https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/"}, {"source": "prodsec@nozominetworks.com", "tags": ["Third Party Advisory"], "url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-44769/"}], "sourceIdentifier": "prodsec@nozominetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "prodsec@nozominetworks.com", "type": "Secondary"}]}