CVE-2021-32928

Published: Jun 16, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” that allows incoming connections from private networks using TCP Port 1947. While uninstalling, the uninstaller fails to close Port 1947.

Affected (1)

Products: Thalesgroup: Sentinel Ldk Run Time Environment

1 product

Sentinel Ldk Run Time Environment

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Thalesgroup Sentinel Ldk Run Time Environment	Up to 7.6

Related CWEs

Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

References (2)

https://us-cert.cisa.gov/ics/advisories/icsa-21-159-06

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://us-cert.cisa.gov/ics/advisories/icsa-21-159-06

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.