PT-2021-14828 · Garrett Metal Detectors · Garrett Metal Detectors Ic Module Cma

Matt Wiseman · Published 2021-12-22 · Updated 2022-08-31 · CVE-2021-21902

CVSS v2.0 · 9.3 · High · Vector AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Garrett Metal Detectors iC Module CMA version 5.0

Description

An authentication bypass issue exists in the CMA run server 6877 functionality. A properly-timed network connection can lead to authentication bypass via session hijacking. An attacker can send a sequence of requests to trigger this issue.

Recommendations

For Garrett Metal Detectors iC Module CMA version 5.0, consider disabling the run server 6877 functionality as a temporary workaround until a patch is available. Restrict access to the affected module to minimize the risk of exploitation. Avoid using the affected functionality in the CMA until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2021-21902

Affected Products

Garrett Metal Detectors Ic Module Cma