Vulnerability Details : CVE-2021-38759
Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges.
Exploit prediction scoring system (EPSS) score for CVE-2021-38759
Probability of exploitation activity in the next 30 days: 3.64%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 90 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2021-38759
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
[email protected] |
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
[email protected] |
CWE ids for CVE-2021-38759
-
The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.Assigned by: [email protected] (Primary)
References for CVE-2021-38759
-
https://www.cnvd.org.cn/flaw/show/CNVD-2021-43968
Third Party Advisory
-
https://arstechnica.com/gadgets/2022/04/raspberry-pi-os-axes-longstanding-default-user-account-in-the-name-of-security/
Third Party Advisory
-
https://www.raspberrypi.com/documentation/computers/configuration.html#change-the-default-password
Vendor Advisory
-
http://packetstormsecurity.com/files/165211/Raspberry-Pi-5.10-Default-Credentials.html
Third Party Advisory;VDB Entry
Products affected by CVE-2021-38759
- cpe:2.3:o:raspberrypi:raspberry_pi_os_lite:*:*:*:*:*:*:*:*