CVE-2021-20989

Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. This connection can be intercepted using DNS spoofing attack and a device initiated remote port-forward channel can be used to connect to the web management interface. Knowledge of authorization credentials to the management interface is required to perform any further actions.

CVSS v3 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://packetstormsecurity.com/files/162243/Fibaro-Home-Center-MITM-Missing-Authentication-Code-Execution.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2021/Apr/27	Mailing List Third Party Advisory
https://www.iot-inspector.com/blog/advisory-fibaro-home-center/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:fibaro:home_center_2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fibaro:home_center_2:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:fibaro:home_center_lite_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fibaro:home_center_lite:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-04-19 14:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-20989

Mitre link : CVE-2021-20989

CVE.ORG link : CVE-2021-20989

JSON object : View

Products Affected

fibaro

home_center_lite
home_center_lite_firmware
home_center_2_firmware
home_center_2

CWE

CWE-295

Improper Certificate Validation

{"id": "CVE-2021-20989", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "info@cert.vde.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}, {"type": "Secondary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2021-04-19T14:15:11.570", "references": [{"url": "http://packetstormsecurity.com/files/162243/Fibaro-Home-Center-MITM-Missing-Authentication-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "info@cert.vde.com"}, {"url": "http://seclists.org/fulldisclosure/2021/Apr/27", "tags": ["Mailing List", "Third Party Advisory"], "source": "info@cert.vde.com"}, {"url": "https://www.iot-inspector.com/blog/advisory-fibaro-home-center/", "tags": ["Exploit", "Third Party Advisory"], "source": "info@cert.vde.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-295"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. This connection can be intercepted using DNS spoofing attack and a device initiated remote port-forward channel can be used to connect to the web management interface. Knowledge of authorization credentials to the management interface is required to perform any further actions."}, {"lang": "es", "value": "Los dispositivos Fibaro Home Center versi\u00f3n 2 y Lite con versiones de firmware 4.600 y anteriores, inician conexiones SSH a la nube de Fibaro para proporcionar acceso remoto y capacidades de soporte remoto. Esta conexi\u00f3n puede ser interceptada usando un ataque de suplantaci\u00f3n de DNS y puede ser usado un canal de reenv\u00edo de puerto remoto iniciado por el dispositivo para conectarse a la interfaz de administraci\u00f3n web. Es requerido un conocimiento de unas credenciales de autorizaci\u00f3n para la interfaz de administraci\u00f3n para llevar a cabo cualquier acci\u00f3n adicional"}], "lastModified": "2022-10-29T02:49:32.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fibaro:home_center_2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "867FAF63-0352-4AC8-AB9D-1FDEC2E942D4", "versionEndIncluding": "4.600"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fibaro:home_center_2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8021D17B-DD82-46D0-AE92-372649467F1F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fibaro:home_center_lite_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A06A908C-D871-46DA-AC42-63FF1518A558", "versionEndIncluding": "4.600"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fibaro:home_center_lite:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6A19AFCC-B670-450C-8B64-7770C86B4692"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "info@cert.vde.com"}