Vulnerability Name:

CVE-2021-3618 (CCN-207761)

Assigned:2021-06-09
Published:2021-06-09
Updated:2023-02-09
Summary:
CVSS v3 Severity:7.4 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
6.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): None
7.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
6.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): None
CVSS v2 Severity:5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
7.1 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): None
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2021-3618

Source: CCN
Type: NGINX Web site
changeset 7844:ec1071830799

Source: CCN
Type: ALPACA Attack Web site
ALPACA Attack

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: Red Hat Bugzilla – Bug 1975623
(ALPACA, CVE-2021-3618) - CVE-2021-3618 ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication

Source: secalert@redhat.com
Type: Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
nginx-cve20213618-weak-security(207761)

Source: CCN
Type: NGINX GIT Repository
Mail: max_errors directive

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: sendmail Mailing List, 2020-07-05 7:25:15
sendmail 8.16.1 available

Source: CCN
Type: vsftpd Web site
vsftpd

Source: CCN
Type: SNYK-DEBIAN10-NGINX-1320230
SNYK-DEBIAN10-NGINX-1320230

Source: CCN
Type: IBM Security Bulletin 6489853 (Cloud Automation Manager)
A security vulnerability in NGINX affects IBM Cloud Automation Manager

Source: CCN
Type: IBM Security Bulletin 6514817 (Cloud Pak for Multicloud Management)
A security vulnerability in NGINX affects IBM Cloud Pak for Multicloud Management Managed Services

Source: CCN
Type: IBM Security Bulletin 6539222 (Spectrum Discover)
Vulnerabilities in Apache Kafka and NGINX affect IBM Spectrum Discover

Source: CCN
Type: IBM Security Bulletin 6603691 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Nginx

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:vsftpd_project:vsftpd:3.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:f5:nginx:1.10.3:*:*:*:*:*:*:*
  • OR cpe:/a:f5:nginx:1.14.2:*:*:*:*:*:*:*
  • OR cpe:/a:f5:nginx:1.18.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID: oval:org.opensuse.security:def:769
Class: P
Title: Security update for vsftpd (Important)
Last Modified: 2022-09-20
    vsftpd_project vsftpd 3.0.3
    f5 nginx 1.10.3
    f5 nginx 1.14.2
    f5 nginx 1.18.0