Vulnerability Details : CVE-2021-27756
"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."
Products affected by CVE-2021-27756
- cpe:2.3:a:hcltech:bigfix_compliance:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-27756
- EPSS score: 0.17% (probability of exploitation activity in the next 30 days)
- Percentile: ~55% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-27756
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2021-27756
- The product uses a broken or risky cryptographic algorithm or protocol. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-27756
- https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0096977
  Security Bulletin: HCL BigFix Compliance Server v2 uses TLS-RSA cipher suites that are known to be vulnerable to a ROBOT attack (CVE-2021-27756) (Mitigation; Vendor Advisory)