CVE-2021-33577

An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Content-Type of the message to text/plain.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0011.md	Exploit Third Party Advisory
https://www.cleo.com/cleo-lexicom	Product
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0011.md	Exploit Third Party Advisory
https://www.cleo.com/cleo-lexicom	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:cleo:lexicom:5.5.0.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-06-18 11:15

Updated : 2024-11-21 06:09

NVD link : CVE-2021-33577

Mitre link : CVE-2021-33577

CVE.ORG link : CVE-2021-33577

JSON object : View

Products Affected

cleo

lexicom

CWE

NVD-CWE-Other

{"id": "CVE-2021-33577", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2021-06-18T11:15:08.797", "references": [{"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0011.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.cleo.com/cleo-lexicom", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0011.md", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.cleo.com/cleo-lexicom", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Content-Type of the message to text/plain."}, {"lang": "es", "value": "Se ha detectado un problema en Cleo LexiCom versi\u00f3n 5.5.0.0. El requisito para que el remitente de un mensaje AS2 se identifique (por medio de la encriptaci\u00f3n y la firma del mensaje) puede ser omitido al cambiar el Content-Type del mensaje a texto plano"}], "lastModified": "2024-11-21T06:09:07.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cleo:lexicom:5.5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B8BB630-86C2-4ABE-AAAC-8E9F02897C22"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}