CVE-2021-38412
Last modified
CVE-2021-38412 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to achieve further control in.. EPSS estimates a 1.26% chance of exploitation in the next 30 days.
Description
Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to achieve further control in.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Digi | Portserver Ts 16 Firmware | 82000684 |
| Digi | Portserver Ts 16 Firmware | 82000685 |
References
- https://us-cert.cisa.gov/ics/advisories/icsa-21-257-01Third Party Advisory, US Government Resource
- https://us-cert.cisa.gov/ics/advisories/icsa-21-257-01Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-38412?
How severe is CVE-2021-38412?
How do I fix CVE-2021-38412?
Are you affected by CVE-2021-38412?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST