CVE-2021-27448
 
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E (all firmware versions prior to v04A00.1).
Una falta de comunicación en el sistema de archivos permite a adversarios con acceso al MU320E escalar privilegios en el MU320E (todas las versiones de firmware anteriores a v04A00.1)
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-02-19 CVE Reserved
- 2021-03-25 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-250: Execution with Unnecessary Privileges
- CWE-269: Improper Privilege Management
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-21-082-02 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ge Search vendor "Ge" | Mu320e Firmware Search vendor "Ge" for product "Mu320e Firmware" | < 04a00.1 Search vendor "Ge" for product "Mu320e Firmware" and version " < 04a00.1" | - |
Affected
| in | Ge Search vendor "Ge" | Mu320e Search vendor "Ge" for product "Mu320e" | - | - |
Safe
|