Adding CVE-2021-3825

2025-07-29 05:56:59 +00:00 · 2021-10-01 17:04:15 +03:00 · 2021-10-01 17:04:15 +03:00 · c6bcc18e61
commit c6bcc18e61
parent 59f32788ec
1 changed files with 117 additions and 16 deletions
--- a/2021/3xxx/CVE-2021-3825.json
+++ b/2021/3xxx/CVE-2021-3825.json
@ -1,18 +1,119 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2021-3825",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
+  "data_type": "CVE",
+  "data_format": "MITRE",
+  "data_version": "4.0",
+  "generator": {
+    "engine": "Vulnogram 0.0.9"
+  },
+  "CVE_data_meta": {
+    "ID": "CVE-2021-3825",
+    "ASSIGNER": "cve@usom.gov.tr",
+    "DATE_PUBLIC": "2021-09-17T00:00:00.000Z",
+    "TITLE": "Missing Authorization Checks in LiderAhenk",
+    "AKA": "",
+    "STATE": "PUBLIC"
+  },
+  "source": {
+    "defect": [
+      "TR-21-0795"
+    ],
+    "advisory": "TR-21-0795",
+    "discovery": "EXTERNAL"
+  },
+  "affects": {
+    "vendor": {
+      "vendor_data": [
+        {
+          "vendor_name": "TUBITAK",
+          "product": {
+            "product_data": [
+              {
+                "product_name": "Lider",
+                "version": {
+                  "version_data": [
+                    {
+                      "version_name": "",
+                      "version_affected": "<",
+                      "version_value": "2.1.16",
+                      "platform": ""
+                    }
+                  ]
+                }
+              }
+            ]
+          }
+        }
+      ]
    }
-}
+  },
+  "problemtype": {
+    "problemtype_data": [
+      {
+        "description": [
+          {
+            "lang": "eng",
+            "value": "CWE-306 Missing Authentication for Critical Function"
+          }
+        ]
+      }
+    ]
+  },
+  "description": {
+    "description_data": [
+      {
+        "lang": "eng",
+        "value": "On 2.1.15 version and below of Lider module in LiderAhenk software is leaking it's configurations via an unsecured API. An attacker with an access to the configurations API could get valid LDAP credentials."
+      }
+    ]
+  },
+  "references": {
+    "reference_data": [
+      {
+        "refsource": "CONFIRM",
+        "url": "https://www.usom.gov.tr/bildirim/tr-21-0795",
+        "name": "https://www.usom.gov.tr/bildirim/tr-21-0795"
+      },
+      {
+        "refsource": "CONFIRM",
+        "url": "https://pentest.blog/liderahenk-0day-all-your-pardus-clients-belongs-to-me/",
+        "name": "https://pentest.blog/liderahenk-0day-all-your-pardus-clients-belongs-to-me/"
+      }
+    ]
+  },
+  "configuration": [],
+  "impact": {
+    "cvss": {
+      "version": "3.1",
+      "attackVector": "ADJACENT_NETWORK",
+      "attackComplexity": "LOW",
+      "privilegesRequired": "NONE",
+      "userInteraction": "NONE",
+      "scope": "CHANGED",
+      "confidentialityImpact": "HIGH",
+      "integrityImpact": "HIGH",
+      "availabilityImpact": "HIGH",
+      "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+      "baseScore": 9.6,
+      "baseSeverity": "CRITICAL"
+    }
+  },
+  "exploit": [
+    {
+      "lang": "eng",
+      "value": "https://github.com/mdisec/pardus-liderahenk-0day-RCE"
+    }
+  ],
+  "work_around": [],
+  "solution": [
+    {
+      "lang": "eng",
+      "value": "Lider component should be updated to 2.1.16."
+    }
+  ],
+  "credit": [
+    {
+      "lang": "eng",
+      "value": "Mehmet INCE from PRODAFT"
+    }
+  ]
+}