V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2021-27018
CVE
High

The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certi…

CVSS
7.5
High
EPSS
0.01
p40
Published
2021-01-01
Updated
2021-01-01
Description

The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated. This issue only affects clients that are configured to utilize Tenable.sc as the vulnerability data source.

Tags · CWE
Pre-auth
CWE-295
CAPEC-459
CAPEC-475
Affected products
Remediate < 2.0.1
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Timeline
2021-01-01
Published
2021-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: N
None (N)
Integrity Impact
I: H
High (H)
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.005 · p40
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
ProductVendorStatus
puppetTracked
puppetTracked
puppetTracked
puppetTracked
puppetTracked
puppetTracked
puppetTracked
remediate*Tracked
Source databases
CVE
UBU