Vulnerability Details : CVE-2021-42146
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which RFC 6347 prohibits. This vulnerability allows remote attackers to obtain sensitive application data (data of connected clients).
Products affected by CVE-2021-42146
- cpe:2.3:a:contiki-ng:tinydtls:2018-08-30:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-42146
- EPSS score: 0.12% (probability of exploitation activity in the next 30 days)
- Percentile: ~46% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-42146
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | 2024-02-01
CWE ids for CVE-2021-42146
- The product does not handle or incorrectly handles an exceptional condition. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-42146
- https://seclists.org/fulldisclosure/2024/Jan/19 (Full Disclosure: Misues same epoch number within TCP lifetime in TinyDTLS) Mailing List; Third Party Advisory