CVE-2021-33600Reachable Assertion in Internet Gatekeeper

CWE-617Reachable Assertion3 documents3 sources
Severity
7.5HIGHNVD
CNA5.4
EPSS
0.4%
top 41.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
F-secure Internet GatekeeperF-secure Internet Gatekeeper
Timeline
PublishedSep 28
Latest updateMay 24

Description

A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDf-secure/internet_gatekeeper5.105.50.47
CVEListV5f-secure/f-secure_internet_gatekeeper5 Series All Version

🔴Vulnerability Details

2
GHSA
GHSA-453r-cx7v-94wr: A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper2022-05-24
CVEList
Denial of Service Vulnerability in Web Interface of F-Secure Internet Gatekeeper2021-09-28
CVE-2021-33600 — Reachable Assertion | cvebase