PT-2021-3649 · Hbs 3 · Hbs 3

Ta-Lun Yen · Published 2021-05-05 · Updated 2021-07-12 · CVE-2021-28809

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

HBS 3 versions prior to v3.0.210506
HBS 3 versions prior to v3.0.210507

Description

An improper access control issue has been reported, affecting certain legacy versions of HBS 3. This issue allows attackers to compromise the security of the operating system. The vulnerability is related to insufficient authentication procedures on the RTSS server, which can be exploited by a remote attacker to elevate privileges using a specially crafted request on port 8899.

Recommendations

For HBS 3 versions prior to v3.0.210506, update to HBS 3 v3.0.210506 or later. For HBS 3 versions prior to v3.0.210507, update to HBS 3 v3.0.210507 or later. As a temporary workaround, consider restricting access to port 8899 to minimize the risk of exploitation.

Fix

Missing Authentication

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2021-03868
CVE-2021-28809
ZDI-21-783

Affected Products

Hbs 3