Inadequate Encryption Strength in MU320E - CVE-2021-27450

 

Inadequate Encryption Strength in MU320E - CVE-2021-27450

Published: March 24, 2021


Vulnerability identifier: #VU51699
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-27450
CWE-ID: CWE-326
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: GE
Affected software:
MU320E

Detailed vulnerability description

The vulnerability allows a local administrator to compromise the target system.

The vulnerability exists due to the SSH server configuration file does not implement some best practices, which can lead to additional misconfiguration or be leveraged as part of a larger attack.


How to mitigate CVE-2021-27450

Install updates from vendor's website.

Sources