CVE Vulnerability

CVE-2021-27215

An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to perform the authentication of a user. A specific authentication method during login does not check the provided data (when a certain manipulation occurs) and returns OK for any authentication request. This allows an attacker to login to the admin panel as a user of his choice, e.g., the root user (with highest privileges) or even a non-existing user.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://sec-consult.com/vulnerability-lab/advisory/authentication-bypass-genua-genugate/ Exploit Third Party Advisory
https://www.genua.de/en/it-security-solutions/high-resistance-firewall-genugate Product
https://kunde.genua.de/en/overview/genugate.html Patch Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:genua:genuagate:10.1:p1:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:10.1:p2:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:10.1:p3:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:10.1:-:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:*:*:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:-:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p1:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p2:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p3:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p4:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p5:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p6:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p7:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p8:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p9:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p10:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p11:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p12:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p13:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p14:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p15:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p16:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p17:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.0:p18:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:*:*:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.6.0:p1:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.6.0:p2:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.6.0:p3:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.6.0:p4:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.6.0:p5:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.6.0:p6:*:*:*:*:*:*
cpe:2.3:a:genua:genuagate:9.6.0:-:*:*:*:*:*:*
Information

Published : 2021-03-03 04:15

Updated : 2022-07-12 05:42

NVD link : CVE-2021-27215

Mitre link : CVE-2021-27215

Products Affected
No products.
CWE
CWE-306