PT-2021-20021 · Philips · Intellibridge Ec 40+1

Published

2021-12-27

Updated

2022-01-10

CVE-2021-33017

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions IntelliBridge EC 40 and 60 Hub versions C.00.04 and prior

Description The issue concerns an alternate path or channel in the product that does not require authentication, despite the standard access path requiring authentication.

Recommendations For versions C.00.04 and prior, consider restricting access to the alternate path or channel until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Authentication Bypass Using an Alternate Path or Channel

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-288

Related Identifiers

CVE-2021-33017

Affected Products

Intellibridge Ec 40

Intellibridge Ec 60

PT-2021-20021 · Philips · Intellibridge Ec 40+1

CVE-2021-33017

Weakness Enumeration

Related Identifiers

Affected Products

References · 4