Permissions, Privileges, and Access Controls in ICX35-HWC-A and ICX35-HWC-E - CVE-2021-22661

 

Published: March 1, 2021


Vulnerability identifier: #VU51001
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2021-22661
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
ICX35-HWC-A
ICX35-HWC-E
Software vendor:
ProSoft Technology

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists because changing the password on the module webpage does not require the user to type in the current password first. A remote attacker can change the current user’s password and alter device configurations.
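
The missing check described above, shown beside a corrected handler. This is an added Python example, not ProSoft's firmware code or code from this advisory; the `Account` class, the form field names `current_password` and `new_password`, and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def _derive(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so the stored value is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    """Hypothetical credential record for one web-interface user."""

    def __init__(self, password: str):
        self.store(password)

    def store(self, password: str) -> None:
        self.salt = os.urandom(16)
        self.digest = _derive(password, self.salt)

    def verify(self, candidate: str) -> bool:
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(self.digest, _derive(candidate, self.salt))


def change_password_unchecked(account: Account, form: dict) -> bool:
    # Behaviour the advisory describes: the new password is accepted
    # without asking for the current one.
    account.store(form["new_password"])
    return True


def change_password_checked(account: Account, form: dict) -> bool:
    # Corrected behaviour: re-authenticate with the current password
    # before the stored credential is replaced.
    current = form.get("current_password", "")
    new = form.get("new_password", "")
    if not new or not account.verify(current):
        return False
    account.store(new)
    return True


if __name__ == "__main__":
    acct = Account("constructed-old-pass")  # constructed sample value
    print(change_password_checked(acct, {"new_password": "constructed-new"}))
    print(acct.verify("constructed-old-pass"))
```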


Remediation

Install updates from the vendor's website.
