CVE-2021-27453

Published: Dec 21, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Mesa Labs AmegaView Versions 3.0 uses default cookies that could be set to bypass authentication to the web application, which may allow an attacker to gain access.

Affected (1)

Products: Mesalabs: Amegaview

Mesalabs

1 product

Amegaview

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mesalabs Amegaview	Up to 3.0

Related CWEs

CWE-288

Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

References (2)

https://us-cert.cisa.gov/ics/advisories/icsa-21-147-03

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://us-cert.cisa.gov/ics/advisories/icsa-21-147-03

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.