Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require client certificate authentication. The attacker must send an SNI specifying an unprotected backend and an HTTP Host header specifying a protected backend. (2.x versions are unaffected. 1.x versions are unaffected with certain configuration settings involving prune_unreachable_routes and a wildcard Host resource.)
Published 2021-07-09 21:15:09
Updated 2021-07-14 14:57:34
Source MITRE
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-36371

0.09%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 37 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-36371

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
4.3
MEDIUM AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
NIST
3.7
LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
2.2
1.4
NIST

CWE ids for CVE-2021-36371

References for CVE-2021-36371

Products affected by CVE-2021-36371

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!