CVE-2021-30064

CWE-798Hard-coded Credentials3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.1%
top 82.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Belden Tofino Xenon Security Appliance FirmwareSchneider-electric Tcsefea23f3f22 Firmware
Timeline
PublishedApr 3
Latest updateApr 5

Description

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-rrj3-j7px-f5g5: On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 032022-04-05
CVEList
CVE-2021-30064: On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 032022-04-03
CVE-2021-30064 (CRITICAL CVSS 9.8) | On Schneider Electric ConneXium Tof | cvebase.io