CVE-2021-43310

Critical

A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent…

fedora·CWE-290·Published 2022-09-21

CVSS

9.8

EPSS

0.02

KEV

Exploits

cve.orgen

214 chars

A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remote code execution.

NVDen

214 chars

NVDes

267 chars

Una vulnerabilidad en Keylime versiones anteriores a 6.3.0, permite a un atacante diseñar una petición al agente que restablezca las claves U y V como si el agente estuviera volviéndose a añadir a un verificador. Esto podría conllevar a una ejecución de código remota

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H