CVE-2021-38459

CWE-294: AUTHENTICATION BYPASS BY CAPTURE-REPLAY
The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user passwords or delete the database.
Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution, and acquire complete remote control over the machine.
Read: “Claroty, Auvesy Coordinate Disclosure on Versiondog Vulnerabilities

Risk Information

  • CVE ID
  • CVE-2021-38459
  • Vendor
  • AUVESY
  • Product
  • versiondog
  • CVSS v3
  • 8.1