nvd-json-data-feeds/CVE-2021/CVE-2021-289xx/CVE-2021-28912.json

{
  "id": "CVE-2021-28912",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2021-09-09T18:15:08.947",
  "lastModified": "2024-11-21T06:00:23.460",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "BAB TECHNOLOGIE GmbH eibPort V3. Each device has its own unique hard coded and weak root SSH key passphrase known as 'eibPort string'. This is usable and the final part of an attack chain to gain SSH root access."
    },
    {
      "lang": "es",
      "value": "BAB TECHNOLOGIE GmbH eibPort versi\u00f3n V3. Cada dispositivo presenta su propia frase de contrase\u00f1a de clave SSH root d\u00e9bil y codificada, conocida como \"eibPort string\". Esto es usable y la parte final de una cadena de ataque para conseguir acceso root SSH"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "baseScore": 9.0,
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE"
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-521"
        },
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:bab-technologie:eibport_firmware:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "3.9.1",
              "matchCriteriaId": "E1608441-C7C0-45B8-8141-8B1A0477749E"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:bab-technologie:eibport:v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36B8476A-E1CC-4C60-9EC1-05AD71A3EF56"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://psytester.github.io/CVE-2021-28912",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://psytester.github.io/CVE-2021-28912",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}