📦

passport_integrated_console_server

Vendor: digi

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 3 Total Indexed

Avg. EPSS 0.56% Exploit Prob.

Latest CVE CVE-2021-36767 Oct 08

Security Vulnerability Index

Page 1 / 1

9.8 CVSS

CVE-2021-36767

In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server.

EPSS: 0.36%

Severity: CRITICAL

Oct 08, 2021

8.1 CVSS

CVE-2021-35979

An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication.

EPSS: 0.29%

Severity: HIGH

Oct 08, 2021

9.8 CVSS

CVE-2021-35977

An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution.

EPSS: 1.03%

Severity: CRITICAL

Oct 08, 2021

Displaying 3 of 3 Total Entries

Total 1 Sections