Vulnerability Name:

CVE-2021-42380 (CCN-213533)

Assigned:2021-11-09
Published:2021-11-09
Updated:2023-04-25
Summary:
CVSS v3 Severity:7.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
6.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
6.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
5.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.1 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2021-42380

Source: CCN
Type: BusyBox Web site
BusyBox

Source: reefs@jfrog.com
Type: UNKNOWN
reefs@jfrog.com

Source: XF
Type: UNKNOWN
busybox-cve202142380-code-exec(213533)

Source: CCN
Type: JFrog Blog, November 9, 2021
Unboxing BusyBox 14 new vulnerabilities uncovered by Claroty and JFrog

Source: reefs@jfrog.com
Type: Third Party Advisory
reefs@jfrog.com

Source: reefs@jfrog.com
Type: Mailing List, Third Party Advisory
reefs@jfrog.com

Source: reefs@jfrog.com
Type: Mailing List, Third Party Advisory
reefs@jfrog.com

Source: reefs@jfrog.com
Type: Third Party Advisory
reefs@jfrog.com

Source: CCN
Type: IBM Security Bulletin 6551876 (Cloud Pak for Security)
Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:busybox:busybox:1.29.3:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.30.0:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.32.1:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.28.0:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.33.0:*:*:*:*:*:*:*
  • OR cpe:/a:busybox:busybox:1.33.1:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7456
    P
    busybox-1.35.0-150500.8.2 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:3744
    P
    Security update for java-11-openjdk (Important) (in QA)
    2022-07-22
    oval:org.opensuse.security:def:119071
    P
    Security update for busybox (Important)
    2022-02-14
    oval:org.opensuse.security:def:861
    P
    Security update for busybox (Important)
    2022-01-20
    oval:org.opensuse.security:def:119189
    P
    Security update for busybox (Important)
    2022-01-20
    oval:org.opensuse.security:def:118692
    P
    Security update for busybox (Important)
    2022-01-20
    oval:org.opensuse.security:def:119379
    P
    Security update for busybox (Important)
    2022-01-20
    oval:org.opensuse.security:def:118882
    P
    Security update for busybox (Important)
    2022-01-20
    oval:org.opensuse.security:def:119564
    P
    Security update for busybox (Important)
    2022-01-20
    oval:org.opensuse.security:def:101592
    P
    Security update for busybox (Important)
    2022-01-20
    oval:org.opensuse.security:def:99228
    P
    (Important)
    2022-01-17
    oval:org.opensuse.security:def:9876
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:99427
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:8727
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:96210
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:109556
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:92083
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:111864
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:70016
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:10445
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:102890
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:9139
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:96340
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:109599
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:92875
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:106316
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:70585
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:64833
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:102933
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:9887
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:99626
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:8922
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:96220
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:109566
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:92278
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:105723
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:70027
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:10714
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:102900
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:9478
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:99033
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:109687
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:93425
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:106515
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:70854
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:69618
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:103028
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:10427
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:99825
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:9117
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:96249
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:109576
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:92477
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:105918
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:70567
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:10718
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:102910
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:9677
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:96200
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:106804
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:70858
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:69817
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:10441
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:100136
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:9129
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:96259
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:109595
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:92676
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:106117
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:70581
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:73955
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:102929
    P
    Security update for busybox (Important) (in QA)
    2022-01-14
    BACK
    busybox busybox 1.29.3
    busybox busybox 1.30.0
    busybox busybox 1.32.1
    busybox busybox 1.28.0
    busybox busybox 1.33.0
    busybox busybox 1.33.1
    ibm cloud pak for security 1.7.2.0