CVE-2021-33600

Published: Sep 28, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product.

Affected (1)

Products: F Secure: Internet Gatekeeper

1 product

Internet Gatekeeper

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
F Secure Internet Gatekeeper	From 5.10 to 5.50.47

Related CWEs

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (4)

https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame

Source: cve-notifications-us@f-secure.com

Vendor Advisory

https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33600

Source: cve-notifications-us@f-secure.com

Vendor Advisory

https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33600

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.