CVE-2021-41301 CRITICAL

CVE-2021-41301: ECOA BAS controller - Exposure of Sensitive Information to an Unauthorized Actor

Weakness CWE-200 · Info exposure

Published September 30, 2021

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. This will enable the unauthenticated attacker to remotely disclose sensitive information and help her in authentication bypass, privilege escalation and full system access.

Key dates

02Disclosure timeline

September 30, 2021 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-41301

Related vulnerabilities

CVE-2021-41301: ECOA BAS controller - Exposure of Sensitive Information to an Unauthorized Actor

01Description

02Disclosure timeline

03References

04Related CVE