exploitDog

CVE-2021-32928

Опубликовано: 16 июн. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” that allows incoming connections from private networks using TCP Port 1947. While uninstalling, the uninstaller fails to close Port 1947.

Ссылки

https://us-cert.cisa.gov/ics/advisories/icsa-21-159-06
Third Party Advisory
US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-06
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:thalesgroup:sentinel_ldk_run-time_environment:*:*:*:*:*:*:*:*

Версия до 7.6 (включая)

EPSS

Процентиль: 56%

0.0034

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-459

Связанные уязвимости

GHSA-pc4g-vw4w-2pmh

CVSS3: 9.8

github

больше 3 лет назад

The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” that allows incoming connections from private networks using TCP Port 1947. While uninstalling, the uninstaller fails to close Port 1947.

EPSS

Процентиль: 56%

0.0034

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-459