CVE-2021-27453
Mesa Labs AmegaView authentication bypass
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Mesa Labs AmegaView Versions 3.0 uses default cookies that could be set to bypass authentication to the web application, which may allow an attacker to gain access.
Mesa Labs AmegaView Versión 3.0, usa cookies por defecto que podrían ser configuradas para omitir la autenticación de la aplicación web, lo que podría permitir a un atacante conseguir acceso
*Credits:
Stephen Yackey of Securifera reported these vulnerabilities to CISA.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-02-19 CVE Reserved
- 2021-12-21 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-288: Authentication Bypass Using an Alternate Path or Channel
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-21-147-03 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|