CVE-2021-44216

Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/	Exploit Vendor Advisory
https://northern.tech	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:northern.tech:cfengine:::::enterprise:::*
	cpe:2.3:a:northern.tech:cfengine:::::enterprise:::*

History

No history.

Information

Published : 2022-03-10 17:44

Updated : 2024-02-28 19:09

NVD link : CVE-2021-44216

Mitre link : CVE-2021-44216

CVE.ORG link : CVE-2021-44216

JSON object : View

Products Affected

northern.tech

cfengine

CWE

CWE-276

Incorrect Default Permissions

{"id": "CVE-2021-44216", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-03-10T17:44:14.353", "references": [{"url": "https://cfengine.com/blog/2022/cve-2021-44215-and-cve-2021-44216/", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://northern.tech", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions that may allow unauthorized local users to access the Apache and Mission Portal log files."}, {"lang": "es", "value": "Northern.tech CFEngine Enterprise versiones anteriores a 3.15.5 y versiones 3.18.x anteriores a 3.18.1, presenta Permisos Inseguros que pueden permitir a usuarios locales no autorizados acceder a los archivos de registro de Apache y Mission Portal"}], "lastModified": "2022-03-15T15:29:02.317", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:northern.tech:cfengine:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "44F29511-EDD4-4ED5-A0E2-424A54E3B5EC", "versionEndExcluding": "3.15.5"}, {"criteria": "cpe:2.3:a:northern.tech:cfengine:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "B50D8399-F5F4-4D33-9E10-6073F0E2B41A", "versionEndExcluding": "3.18.1", "versionStartIncluding": "3.18.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}