Main Vulnerability Database SB2021061002

SB2021061002 - Incomplete cleanup in Thales Sentinel LDK Run-Time Environment

Published: June 10, 2021

Security Bulletin ID SB2021061002

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Incomplete cleanup (CVE-ID: CVE-2021-32928)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to an incomplete cleanup within the "Sentinel License Manager" firewall rule. A remote attacker can connect to the target port.

Remediation

Install update from vendor's website.

References

https://ics-cert.us-cert.gov/advisories/icsa-21-159-06