CVE-2021-31399

CVE-2021-31399

by mathildeexlm

Abstract Advisory Information

The communication between the access unit and a web relay is prone to Man in the Middle (MitM) attack if the attacker can impersonate the IP of the web relay.

Authors: Rémy Grandin

Version affected

Name: Access Unit 2.0

Versions: Firmware 2.31.0.40.5

Common Vulnerability Scoring System

4.6

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

References

Vulnerability Disclosure Timeline

  • 15/03/2021: Vulnerability discovery
  • 07/04/2021: Vulnerability Report to CERT-XLM
  • 07/04/2021: Vulnerability Report to 2N Technical Support
  • 07/04/2021: 2N Technical support acknowledgment
  • 15/04/2021: Request CVE IDs to Mitre
  • 19/04/2021: Provided CVE ID to 2N Technical Support
  • 08/06/2021: 2N Provides good technical reasons and will fix the vulnerability. Extend time before disclosure +90 days from now
  • 16/06/2021: 2N tells that a fix will not be ready until the end of the year
  • 12/08/2021: Expected Vulnerability disclosure
Top