CVE-2021-35979 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.1 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 50%

Vendor	Product	Version
digi	realport	𝑥 ≤ 1.9-40
digi	realport	𝑥 ≤ 4.8.488.0
digi	connectport_ts_8\/16_firmware	*
digi	connectport_lts_8\/16\/32_firmware	*
digi	passport_integrated_console_server_firmware	*
digi	cm_firmware	*
digi	portserver_ts_firmware	*
digi	portserver_ts_mei_firmware	*
digi	portserver_ts_mei_hardened_firmware	*
digi	portserver_ts_m_mei_firmware	*
digi	6350-sr_firmware	*
digi	portserver_ts_p_mei_firmware	*
digi	transport_wr11_xt_firmware	*
digi	one_iap_family_firmware	*
digi	one_ia_firmware	*
digi	wr31_firmware	*
digi	wr44_r_firmware	*
digi	connect_es_firmware	*
digi	wr21_firmware	*

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-306 - Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References

https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt

https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt