Main Vulnerability Database Vulnerabilities #VU130489

Authentication Bypass by Spoofing in keylime - CVE-2021-43310

Published: January 27, 2022 / Updated: May 7, 2026

Vulnerability identifier: #VU130489

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2021-43310

CWE-ID: CWE-290

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Keylime

Affected software:
keylime

Detailed vulnerability description

The vulnerability allows a remote attacker to reset or replay encryption keys and payload data.

The vulnerability exists due to authentication bypass by spoofing in the Keylime agent when handling crafted key reset or replay requests. A remote attacker can send a specially crafted request or replay captured U and V keys and payload data to reset or replay encryption keys and payload data.

Depending on how the client is configured, new revocation and attestation actions may be added, which could lead to remote code execution.

How to mitigate CVE-2021-43310

Install security update from vendor's website.

Sources

https://github.com/keylime/keylime/security/advisories/GHSA-2m39-75g9-ff5r

Authentication Bypass by Spoofing in keylime - CVE-2021-43310

Detailed vulnerability description

How to mitigate CVE-2021-43310

Sources

Please verify you're human