CVE-2021-28123

Published: Apr 2, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. The ssh key can provide an attacker access to the linux system in the affected version.

Affected (3)

Products: Cohesity: Cohesity Dataplatform

Cohesity

1 product

Cohesity Dataplatform

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Cohesity Cohesity Dataplatform	From 6.3 to 6.3.1g
Cohesity Cohesity Dataplatform	From 6.4 to 6.4.1c
Cohesity Cohesity Dataplatform	From 6.5.1 to 6.5.1b

Related CWEs

CWE-1188

Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

References (2)

https://github.com/cohesity/SecAdvisory/blob/master/CVE-2021-28123.md

Source: cve@mitre.org

Third Party Advisory

https://github.com/cohesity/SecAdvisory/blob/master/CVE-2021-28123.md

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.