CVE-2021-28911

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /tmp path which contains some sensitive data (e.g. device serial number). Having those info, a possible loginId can be self-calculated in a brute force attack against BMX interface. This is usable and part of an attack chain to gain SSH root access.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://psytester.github.io/CVE-2021-28911	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:bab-technologie:eibport_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bab-technologie:eibport:v3:*:*:*:*:*:*:*

History

20 Sep 2021, 20:37

Type	Values Removed	Values Added
References	~~(MISC) https://psytester.github.io/CVE-2021-28911 -~~	(MISC) https://psytester.github.io/CVE-2021-28911 - Third Party Advisory
CPE		cpe:2.3:h:bab-technologie:eibport:v3:::::::* cpe:2.3:o:bab-technologie:eibport_firmware::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 10.0 v3 : 9.8
CWE		CWE-307 CWE-863

09 Sep 2021, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-09-09 18:15

Updated : 2023-12-10 14:09

NVD link : CVE-2021-28911

Mitre link : CVE-2021-28911

CVE.ORG link : CVE-2021-28911

JSON object : View

Products Affected

bab-technologie

eibport_firmware
eibport

CWE

CWE-307

Improper Restriction of Excessive Authentication Attempts

CWE-863

Incorrect Authorization

{"id": "CVE-2021-28911", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-09-09T18:15:08.873", "references": [{"url": "https://psytester.github.io/CVE-2021-28911", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-307"}, {"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /tmp path which contains some sensitive data (e.g. device serial number). Having those info, a possible loginId can be self-calculated in a brute force attack against BMX interface. This is usable and part of an attack chain to gain SSH root access."}, {"lang": "es", "value": "BAB TECHNOLOGIE GmbH eibPort versiones V3 anteriores a 3.9.1, permite a atacantes no autenticados acceder a la ruta /tmp que contiene algunos datos confidenciales (por ejemplo, el n\u00famero de serie del dispositivo). Teniendo esa informaci\u00f3n, un posible loginId puede ser auto calculado en un ataque de fuerza bruta contra la interfaz BMX. Esto es usable y forma parte de una cadena de ataque para conseguir acceso root SSH"}], "lastModified": "2021-09-20T20:37:02.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bab-technologie:eibport_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1608441-C7C0-45B8-8141-8B1A0477749E", "versionEndExcluding": "3.9.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bab-technologie:eibport:v3:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "36B8476A-E1CC-4C60-9EC1-05AD71A3EF56"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}