Main Vulnerability Database Vulnerabilities #VU56607

#VU56607 Improper Authentication in PortServer TS 16 - CVE-2021-38412

Published: September 15, 2021

Vulnerability identifier: #VU56607

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-38412

CWE-ID: CWE-287

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
PortServer TS 16

Software vendor:
Digi International Inc.

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote attacker on the local network can enable the SNMP service and manipulate the community strings to achieve further control.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://ics-cert.us-cert.gov/advisories/icsa-21-257-01