CVE-2021-21902
22.12.2021, 19:15
An authentication bypass vulnerability exists in the CMA run_server_6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authentication bypass via session hijacking. An attacker can send a sequence of requests to trigger this vulnerability.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| garrett | ic_module_cma | 5.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-303 - Incorrect Implementation of Authentication AlgorithmThe requirements for the software dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.