CVE-2021-40856
Published 2021-12-13
Priority: P1 · 83 · Severity: high · CVSS 3.1 base score 7.5
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (network-reachable, low attack complexity, no privileges or user interaction required, unchanged scope, high confidentiality impact, no integrity or availability impact)
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 51.06% (98.8th percentile)
Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| auerswald | comfortel_1400_ip_firmware | <= 2.8f | — |
| auerswald | comfortel_2600_ip_firmware | <= 2.8f | — |
| auerswald | comfortel_3600_ip_firmware | <= 2.8f | — |
The affected-range data records no fixed version, but the CVE description scopes the bug to devices "before 2.8G", so firmware 2.8G is the release to verify against. Note that the CVE text names only the 1400 IP and 2600 IP; the 3600 IP range comes from VulnCheck and the Nuclei template.
Detection & IOCs (extracted from sources)
- An HTTP GET whose path begins with /about/../<endpoint> (a traversal prefix hung off the public "about" page) against an Auerswald COMfortel device indicates an authentication bypass attempt.
- Successful exploitation returns HTTP 200 with Content-Type: application/json and a JSON body containing the keys 'TYPE', 'ITEMS' and 'COUNT', with no prior authentication. A 200 plus application/json on the bypass path is the confirmation signal: a protected endpoint is answering an unauthenticated request.
- Through the bypassed endpoint an attacker can retrieve the PBX login credentials and other sensitive configuration data.
- The CVE text covers the COMfortel 1400 IP and 2600 IP before firmware 2.8G; the Nuclei template also targets the 3600 IP model.
- The bypass targets the web-based configuration management interface and requires no credentials from the attacker.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| NVD | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| VulnCheck | — | 7.5 | HIGH | — |
GHSA
GHSA-j9m7-v9vc-r99f (ghsa_unreviewed, 2021-12-14) · CVE-2021-40856 [HIGH] · CWE-287 (Improper Authentication)
Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring.
VulnCheck
CVE-2021-40856 [HIGH] · CVSS 7.5 · 2021 · auerswald comfortel_3600_ip_firmware · Use of Incorrectly-Resolved Name or Reference (CWE-706)
Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring.
The two weakness labels on this page (GHSA: CWE-287, VulnCheck: CWE-706) are consistent with one flaw: the authentication check is applied to the request path before the /about/../ prefix is resolved, so the request is treated as the unauthenticated "about" page while the resolved path reaches a protected endpoint.
Affected: auerswald comfortel_3600_ip_firmware
Required Action: Apply remediations or mitigations per vendor instructions, or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2021-40856
No detection rules found.
Nuclei
CVE-2021-40856 [HIGH] · CVSS 7.5 · Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass
Auerswald COMfortel 1400/2600/3600 IP is susceptible to an authentication bypass vulnerability. Inserting the prefix "/about/../" allows bypassing the authentication check for the web-based configuration management interface. This enables attackers to gain access to the login credentials used for authentication at the PBX, among other data.
Template (info section):

```yaml
id: CVE-2021-40856

info:
  name: Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass
  author: gy741
  severity: high
  description: Auerswald COMfortel 1400/2600/3600 IP is susceptible to an authentication bypass vulnerability. Inserting the prefix "/about/../" allows bypassing the authentication check for the web-based configuration management interface. This enables attackers to gain access to the login credentials used for authentication at the PBX, among other data.
  reference:
    - http://packetstormsecurity.com/files/165162/Auerswald-COMfortel-1400-2600-3600-IP-2.8F-Authentication-Bypass.html
    - https://www.redteam-pentesting.de/en/advisories/
    - https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-004/
```
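To make the IOCs listed under Detection & IOCs and the mechanism summarised in the Nuclei description concrete, here is an added Python example; it is not code from this page, from Auerswald, or from the Nuclei project. It does three things: flags access-log lines whose request path carries the /about/../ prefix (decoding percent-encoding first, so /about/%2e%2e/ is caught as well, which widens the literal substring from the CVE text), classifies a response as a confirmed bypass by the 200 + application/json + TYPE/ITEMS/COUNT signature, and contrasts a raw-path allow-list check with one that canonicalises before checking. That last part is one plausible model of the flaw, consistent with the "incorrectly-resolved reference" classification, not a description of the actual firmware. The log lines, IP addresses, the endpoint name /tree and the auth-check model are constructed assumptions; the page itself names no endpoint.

```python
"""Detection helpers for CVE-2021-40856 (Auerswald COMfortel /about/../ auth bypass).

Added example, not code from the page, the vendor, or the Nuclei project.
The log lines, the "/tree" endpoint and the auth-check model are constructed
assumptions; only the IOC signatures come from the page.
"""
import json
import posixpath
import re
from urllib.parse import unquote

# IOC 1: request path starting with /about/../ (checked after percent-decoding;
# catching /about/%2e%2e/ too is this example's widening of the literal IOC).
BYPASS_PREFIX = "/about/../"

# Apache/nginx combined log format; only the fields this check needs are named.
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def is_bypass_path(raw_path: str) -> bool:
    """True when the request path (query string dropped, percent-decoded) carries the prefix."""
    path = unquote(raw_path.split("?", 1)[0])
    return path.startswith(BYPASS_PREFIX)


def flag_bypass_requests(log_lines):
    """Return (client_ip, raw_path, status) for every log line matching IOC 1."""
    hits = []
    for line in log_lines:
        m = _LOG_RE.match(line)
        if m and is_bypass_path(m["path"]):
            hits.append((m["ip"], m["path"], int(m["status"])))
    return hits


def is_successful_bypass(status: int, headers: dict, body: bytes) -> bool:
    """IOC 2/3: HTTP 200, Content-Type application/json, JSON object with TYPE/ITEMS/COUNT."""
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    if status != 200 or not ctype.lower().startswith("application/json"):
        return False
    try:
        doc = json.loads(body)
    except ValueError:  # covers JSONDecodeError
        return False
    return isinstance(doc, dict) and {"TYPE", "ITEMS", "COUNT"}.issubset(doc)


# Model of the flaw (an assumption, not the firmware's real code): the auth gate
# inspects the raw path, so anything under /about/ passes as the public page,
# while the router canonicalises the path and serves the protected endpoint.
def vulnerable_requires_auth(raw_path: str) -> bool:
    return not raw_path.startswith("/about/")


def fixed_requires_auth(raw_path: str) -> bool:
    """Canonicalise before the allow-list check and refuse any residual traversal."""
    canonical = posixpath.normpath(unquote(raw_path.split("?", 1)[0]))
    if ".." in canonical.split("/"):
        return True
    return not (canonical == "/about" or canonical.startswith("/about/"))


# Constructed sample log lines (not real traffic); /tree is a hypothetical endpoint.
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Dec/2021:10:01:02 +0000] "GET /about/../tree HTTP/1.1" 200 1834',
    '203.0.113.7 - - [13/Dec/2021:10:01:03 +0000] "GET /about/%2e%2e/tree HTTP/1.1" 200 1834',
    '198.51.100.4 - - [13/Dec/2021:10:02:10 +0000] "GET /about/ HTTP/1.1" 200 512',
    '198.51.100.4 - - [13/Dec/2021:10:02:11 +0000] "GET /tree HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for hit in flag_bypass_requests(SAMPLE_LOG):
        print("bypass attempt:", hit)
    sample_resp = b'{"TYPE":"x","ITEMS":[],"COUNT":0}'
    print("confirmed:", is_successful_bypass(200, {"Content-Type": "application/json"}, sample_resp))
    for p in ("/about/", "/about/../tree", "/tree"):
        print(p, "vulnerable gate:", vulnerable_requires_auth(p), "fixed gate:", fixed_requires_auth(p))
```

In the sample, the vulnerable gate lets /about/../tree through unauthenticated while the fixed gate, which normalises to /tree first, demands a login; /about/ itself stays public under both, which is the behaviour a patch should preserve.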