CVE-2021-20590 (GCVE-0-2021-20590)
Vulnerability from cvelistv5
Published
2021-04-22 18:54
Modified
2024-08-03 17:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper authentication
Summary
Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the "VNC server" function is used.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | n/a | GOT2000 series GT27 model |
Version: VNC server version 01.39.010 and prior |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU97615777/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GOT2000 series GT27 model",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VNC server version 01.39.010 and prior"
}
]
},
{
"product": "GOT2000 series GT25 model",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VNC server version 01.39.010 and prior"
}
]
},
{
"product": "GOT2000 series GT21 model GT2107-WTBD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VNC server version 01.40.000 and prior"
}
]
},
{
"product": "GOT2000 series GT21 model GT2107-WTSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VNC server version 01.40.000 and prior"
}
]
},
{
"product": "GOT SIMPLE series GS21 model GS2110-WTBD-N",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VNC server version 01.40.000 and prior"
}
]
},
{
"product": "GOT SIMPLE series GS21 model GS2107-WTBD-N",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VNC server version 01.40.000 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the \"VNC server\" function is used."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-02T17:51:58",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jvn.jp/vu/JVNVU97615777/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"ID": "CVE-2021-20590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GOT2000 series GT27 model",
"version": {
"version_data": [
{
"version_value": "VNC server version 01.39.010 and prior"
}
]
}
},
{
"product_name": "GOT2000 series GT25 model",
"version": {
"version_data": [
{
"version_value": "VNC server version 01.39.010 and prior"
}
]
}
},
{
"product_name": "GOT2000 series GT21 model GT2107-WTBD",
"version": {
"version_data": [
{
"version_value": "VNC server version 01.40.000 and prior"
}
]
}
},
{
"product_name": "GOT2000 series GT21 model GT2107-WTSD",
"version": {
"version_data": [
{
"version_value": "VNC server version 01.40.000 and prior"
}
]
}
},
{
"product_name": "GOT SIMPLE series GS21 model GS2110-WTBD-N",
"version": {
"version_data": [
{
"version_value": "VNC server version 01.40.000 and prior"
}
]
}
},
{
"product_name": "GOT SIMPLE series GS21 model GS2107-WTBD-N",
"version": {
"version_data": [
{
"version_value": "VNC server version 01.40.000 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the \"VNC server\" function is used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf",
"refsource": "CONFIRM",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU97615777/index.html",
"refsource": "CONFIRM",
"url": "https://jvn.jp/vu/JVNVU97615777/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2021-20590",
"datePublished": "2021-04-22T18:54:28",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:44.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-20590\",\"sourceIdentifier\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"published\":\"2021-04-22T19:15:07.363\",\"lastModified\":\"2024-11-21T05:46:50.060\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the \\\"VNC server\\\" function is used.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de autenticaci\u00f3n inadecuada en el servidor VNC de la serie GOT2000 modelo GT27 versiones 01.39.010 y anteriores, servidor VNC de la serie GOT2000 modelo GT25 versiones 01.39.010 y anteriores, servidor VNC de la serie GOT2000 modelo GT2107-WTBD versiones 01.40.000 y anteriores, servidor VNC de la serie GOT2000 modelo GT2107-WTSD versiones 01.40. 000 y anteriores, el servidor VNC de la serie GOT SIMPLE GS21 modelo GS2110-WTBD-N versiones 01.40.000 y anteriores y el servidor VNC de la serie GOT SIMPLE GS21 modelo GS2107-WTBD-N versiones 01.40.000 y anteriores permite a un atacante remoto no autenticado obtener acceso no autorizado a trav\u00e9s de paquetes especialmente dise\u00f1ados cuando se utiliza la funci\u00f3n \\\"servidor VNC\\\".\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:got2000_gt27_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.39.010\",\"matchCriteriaId\":\"22A5B6C7-8B78-4129-B86E-B7CF89F516C6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:got2000_gt27:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"498350D7-F7D7-478E-AD3A-3FE100434649\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:got2000_gt25_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.39.010\",\"matchCriteriaId\":\"F7E4DB38-4E11-45AD-AD7D-83A4176AF2AC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:got2000_gt25:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED2A8FF7-2CFA-4604-A6DE-AE05F7BF1838\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:gt2107-wtbd_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.40.000\",\"matchCriteriaId\":\"ADEB8E65-0B88-4E32-BF2C-0A48DBE69A29\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:gt2107-wtbd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D8D058D-DDFB-45D4-BF67-52F47CA0634C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:gt2107-wtsd_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.40.000\",\"matchCriteriaId\":\"9D35B387-13E1-4A4B-85FE-1859328A2C1F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:gt2107-wtsd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6A4460D-F108-4DAE-AB65-1083C140F63C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:gs2110-wtbd-n_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.40.000\",\"matchCriteriaId\":\"1653C34C-63FD-4415-A3DE-31209CBBF934\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:gs2110-wtbd-n:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCA7AF60-7B6A-4ED7-AA1B-40C5097E4EE4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mitsubishielectric:gs2107-wtbd-n_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.40.000\",\"matchCriteriaId\":\"5F2961DA-1947-4DC7-9A8B-05E8588BA2A6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mitsubishielectric:gs2107-wtbd-n:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63EA140E-C23D-41FF-B4EF-686C2D42BD22\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/vu/JVNVU97615777/index.html\",\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\"},{\"url\":\"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf\",\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\"},{\"url\":\"https://jvn.jp/vu/JVNVU97615777/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…