// For flags

CVE-2021-40523

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In Contiki 3.0, Telnet option negotiation is mishandled. During negotiation between a server and a client, the server may fail to give the WILL/WONT or DO/DONT response for DO and WILL commands because of improper handling of exception condition, which leads to property violations and denial of service. Specifically, a server sometimes sends no response, because a fixed buffer space is available for all responses and that space may have been exhausted.

En Contiki versión 3.0, la negociación de opciones de Telnet es manejada inapropiadamente. Durante la negociación entre un servidor y un cliente, el servidor puede fallar en dar la respuesta WILL/WONT o DO/DONT para los comandos DO y WILL debido a un manejo inapropiado de la condición de excepción, que conlleva a violaciones de las propiedades y a una denegación del servicio. Específicamente, un servidor a veces no envía ninguna respuesta, porque un espacio de búfer fijo está disponible para todas las respuestas y ese espacio puede haberse agotado

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-09-05 CVE Reserved
  • 2021-09-05 CVE Published
  • 2024-05-21 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-754: Improper Check for Unusual or Exceptional Conditions
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
https://github.com/contiki-os/contiki/issues/2686 2021-09-10
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Contiki-os
Search vendor "Contiki-os"
 Contiki
Search vendor "Contiki-os" for product "Contiki"
 3.0
Search vendor "Contiki-os" for product "Contiki" and version "3.0"
-
Affected