ID

VAR-202108-1786


CVE

CVE-2021-34433


TITLE

Digital Signature Verification Vulnerability in Eclipse Californium

Trust: 0.8

sources: JVNDB: JVNDB-2021-012352

DESCRIPTION

In Eclipse Californium versions 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, certificate-based (x509 and RPK) DTLS handshakes accidentally succeed without the client side verifying the server side's signature, if that signature is not included in the server's ServerKeyExchange. A digital signature verification vulnerability exists in Eclipse Californium. Information may be tampered with. Eclipse Californium is a Java-based code library of the Eclipse Foundation that provides CoAP back-end support for the Internet of Things. Eclipse Californium has a data forgery vulnerability. The following products and versions are affected: Eclipse Californium 2.0.0 to 2.6.4 and Eclipse Californium 3.0.0-M1 to 3.0.0-M3.

Trust: 2.25

sources: NVD: CVE-2021-34433 // JVNDB: JVNDB-2021-012352 // CNNVD: CNNVD-202108-1804 // VULMON: CVE-2021-34433

AFFECTED PRODUCTS

vendor: eclipse, model: californium, scope: eq, version: 3.0.0

Trust: 1.0

vendor: eclipse, model: californium, scope: lt, version: 2.6.5

Trust: 1.0

vendor: eclipse, model: californium, scope: gte, version: 2.0.0

Trust: 1.0

vendor: eclipse, model: californium, scope: eq, version: 3.0.0-m1 to 3.0.0-m3

Trust: 0.8

vendor: eclipse, model: californium, scope: eq, version: 2.0.0 to 2.6.4

Trust: 0.8

vendor: eclipse, model: californium, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-012352 // NVD: CVE-2021-34433

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-34433
value: HIGH

Trust: 1.0

NVD: CVE-2021-34433
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202108-1804
value: HIGH

Trust: 0.6

VULMON: CVE-2021-34433
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-34433
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2021-34433
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-34433
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-34433 // JVNDB: JVNDB-2021-012352 // CNNVD: CNNVD-202108-1804 // NVD: CVE-2021-34433

PROBLEMTYPE DATA

problemtype:CWE-322

Trust: 1.0

problemtype:CWE-347

Trust: 1.0

problemtype: Improper verification of digital signatures (CWE-347) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-012352 // NVD: CVE-2021-34433

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-1804

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202108-1804

PATCH

title: Bug 575281, url: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575281

Trust: 0.8

title: Eclipse Californium Repair measures for data forgery problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=160817

Trust: 0.6

sources: JVNDB: JVNDB-2021-012352 // CNNVD: CNNVD-202108-1804

EXTERNAL IDS

db: NVD, id: CVE-2021-34433

Trust: 3.3

db: JVNDB, id: JVNDB-2021-012352

Trust: 0.8

db: CNNVD, id: CNNVD-202108-1804

Trust: 0.6

db: VULMON, id: CVE-2021-34433

Trust: 0.1

sources: VULMON: CVE-2021-34433 // JVNDB: JVNDB-2021-012352 // CNNVD: CNNVD-202108-1804 // NVD: CVE-2021-34433

REFERENCES

url: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575281

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-34433

Trust: 1.4

url: https://cwe.mitre.org/data/definitions/347.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-34433 // JVNDB: JVNDB-2021-012352 // CNNVD: CNNVD-202108-1804 // NVD: CVE-2021-34433

SOURCES

db: VULMON, id: CVE-2021-34433
db: JVNDB, id: JVNDB-2021-012352
db: CNNVD, id: CNNVD-202108-1804
db: NVD, id: CVE-2021-34433

LAST UPDATE DATE

2024-08-14T15:11:48.828000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2021-34433, date: 2021-08-26T00:00:00
db: JVNDB, id: JVNDB-2021-012352, date: 2022-08-30T03:16:00
db: CNNVD, id: CNNVD-202108-1804, date: 2021-08-27T00:00:00
db: NVD, id: CVE-2021-34433, date: 2021-08-26T14:02:34.797

SOURCES RELEASE DATE

db: VULMON, id: CVE-2021-34433, date: 2021-08-20T00:00:00
db: JVNDB, id: JVNDB-2021-012352, date: 2022-08-30T00:00:00
db: CNNVD, id: CNNVD-202108-1804, date: 2021-08-20T00:00:00
db: NVD, id: CVE-2021-34433, date: 2021-08-20T17:15:07.687