PT-2021-3242 · Lasso+9

Published: 2021-06-01 · Updated: 2024-07-30 · CVE-2021-28091

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Lasso versions prior to 2.7.0

Description

The issue is related to improper management of privileges in the Lasso library, which can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. It involves improper verification of a cryptographic signature.

Recommendations

For versions prior to 2.7.0, update to version 2.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and cryptographic functions until the update can be applied.

Fix

Weakness Enumeration

Improper Privilege Management
Improper Verification of Cryptographic Signature

Related Identifiers

ALSA-2021:4325
ALT-PU-2021-2195
ALT-PU-2022-1831
AZL-7255
BDU:2021-02957
CESA-2021_4325
CVE-2021-28091
DLA-2684-1
DSA-4926-1
OPENSUSE-SU-2021:1057-1
OPENSUSE-SU-2021_1057-1
OPENSUSE-SU-2024:10909-1
RHSA-2021:2989
RHSA-2021:4325
RHSA-2021_2989
RHSA-2021_4325
RLSA-2021:4325
SUSE-SU-2021:2589-1
SUSE-SU-2021_2589-1
USN-4974-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Lasso
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu