CVE-2021-41301

Critical

ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET…

twcert·CWE-200·Published 2021-09-30

CVSS

9.8

EPSS

0.02

KEV

Exploits

cve.orgen

320 chars

ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. This will enable the unauthenticated attacker to remotely disclose sensitive information and help her in authentication bypass, privilege escalation and full system access.

NVDen

320 chars

NVDes

352 chars

El controlador ECOA BAS es vulnerable a una divulgación de la configuración cuando se hace referencia directa a los archivos específicos mediante una petición HTTP GET. Esto permitirá al atacante no autenticado divulgar remotamente información confidencial y le ayudará a omitir la autenticación, escalar privilegios y conseguir acceso total al sistema

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	10.0	10.0	10.0	AV:N/AC:L/Au:N/C:C/I:C/A:C
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H