admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-201xx/CVE-2021-20145.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

127 lines
3.9 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-20145",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2021-12-09T16:15:08.123",
"lastModified": "2024-11-21T05:46:00.553",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make configuration changes to, or otherwise attack victims' devices as though they were on an adjacent network."
},
{
"lang": "es",
"value": "Los routers de Gryphon Tower contienen un archivo de configuraci\u00f3n openvpn no protegido que puede conceder a atacantes acceso a la red VPN dom\u00e9stica de Gryphon, que expone las interfaces LAN de los dispositivos de otros usuarios conectados al mismo servicio. Un atacante podr\u00eda aprovechar esto para realizar cambios en la configuraci\u00f3n o atacar los dispositivos de las v\u00edctimas como si estuvieran en una red adyacente"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"baseScore": 5.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gryphonconnect:gryphon_tower_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "04.0004.12",
"matchCriteriaId": "F0E6D9AA-BA55-417C-9AA7-12FDA077BB49"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gryphonconnect:gryphon_tower:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85AD2611-183D-4ACE-AF89-0E1B29CE1371"
}
]
}
]
}
],
"references": [
{
"url": "https://www.tenable.com/security/research/tra-2021-51",
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://www.tenable.com/security/research/tra-2021-51",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink